Anunpatched security flaw in Microsoft’s Jet Database Engine is beingused to launch targeted attacks against Windows users, according to an advisory from the software vendor.
The attacks, described by Microsoft as "very limited," are exploiting abuffer overrun vulnerability in the lightweight database that providesdata access to applications such as Microsoft Access, Microsoft VisualBasic and third-party applications. Technical details on this zero-day vulnerability are not yet availablebut it is common knowledge that the Jet DB engine has suffered frommajor security issues over the last few years.
In fact, proof-of-concept exploit codetargeting multiple Jet database engine flaws has been available on theInternet since April 2005. The public exploit code affects the same"msjet40.dll" component referenced in Microsoft’s pre-patch advisory.
Read the full article at eWEEK.