A macro script embedded in a .mdb file has been known to exploit a vulnerability in Microsoft Access “Microsoft Jet Database Engine Malformed Database File Buffer Overflow Vulnerability”, this leads to the infection of the user’s system.
This macro script is now detected as A2KM_HESIB.A.
Once this .mdb file (A2KM_HESIB.A) is opened in Microsoft Access it uses the vulnerability mentioned above to drop and execute an exe file named CSRSE.EXE (BKDR_HESIB.A) in the Windows temporary folder.
This shows that malware authors’ attacks doesn’t only include Internet Explorer and Windows OS vulnerabilities but also Microsoft Office Applications.
Another malware which targets Microsoft Office Applications is the malware family W2KM.PASSPRO
This macro script is now detected as A2KM_HESIB.A.
Once this .mdb file (A2KM_HESIB.A) is opened in Microsoft Access it uses the vulnerability mentioned above to drop and execute an exe file named CSRSE.EXE (BKDR_HESIB.A) in the Windows temporary folder.
This shows that malware authors’ attacks doesn’t only include Internet Explorer and Windows OS vulnerabilities but also Microsoft Office Applications.
Another malware which targets Microsoft Office Applications is the malware family W2KM.PASSPRO
The vulnerability mentioned above still remains unpatched.
