Trojan rides in on unpatched Office flaw

Filed under: — By Aviran Mordo @ 9:17 am

A new Trojan horse exploits an unpatched flaw in Microsoft Office and could let an attacker commandeer vulnerable computers, security experts have warned.

The malicious code takes advantage of a flaw in Microsoft’s Jet Database Engine, a lightweight database used in the company’s Office productivity software. The security hole was reported to Microsoft in April, but the company has yet to provide a fix for the problem.

“Microsoft is aware that a Trojan recently released into the wild may be exploiting a publicly reported vulnerability in Microsoft Office,” a company representative said in a statement sent via e-mail on Friday. The software maker is investigating the issue and will take “appropriate action,” the representative said.

The Trojan horse arrives in the guise of a Microsoft Access file, security software maker Symantec said in an advisory. When run on a vulnerable system, it would give a remote attacker full access to a compromised computer, Symantec said. The company calls the pest “Backdoor.Hesive” and notes that it is not widespread.

Source: News.com


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress