According to a US-CERT alert, the attacks are using an unpatched stack buffer overflow vulnerability in the way Microsoft Access handles specially crafted database files.
Opening a specially crafted Microsoft Access Database (e.g., .MDB) can cause arbitrary code execution without requiring any additional user interaction. Microsoft Access files are considered to be high-risk, so it may be possible to execute arbitrary code without using a vulnerability in Microsoft Access.
Mark Miller, a director in Microsoft's security response center, said the company is aware of the attack reports and stressed that the file type being used (.MDB) is an unsafe file type. "Various Microsoft applications prevent users from opening this type of file, or warn them before they open the file," Miller said via e-mail.
To help protect against this type of attack, US-CERT recommends:
A proof-of-concept exploit for a code execution hole in the Jet DB engine (which is built into Microsoft Access) is publicly available. The flaw affects Microsoft Office Access 2003 on Windows XP SP2.