Date: Sat, 5 Aug 2006 01:15:30 +0300 (EEST)
From: Juha-Matti Laurio <juha-matti.laurio@netti.fi.>
To: [email protected], [email protected]Subject: Will Microsoft patch remarkable old Msjet40.dll issue?
MIME-Version: 1.0
Content-Type: text/plain; Charset=iso-8859-1; Format=Flowed
Content-Transfer-Encoding: 7bit
X-Mailer: Saunalahti webmail - http://saunalahti.fi
X-Originating-IP: 88.112.171.35
X-Virus-Scanned: antivirus-gw at tyumen.ru
Microsoft informs about ten existing Windows flaws and two Office flaws at
http://www.microsoft.com/technet/security/bulletin/advance.mspx
Some of the upcoming security bulletins have Critical severity.
Maybe it's time to release a fix to remarkable old Msjet40.dll issue reported by HexView as early as in March 2005.
Some background information:
In May Trojans exploited undocumented 0-day vulnerability in MS Word.
In June Trojans attacked against Excel.
July was the month of PowerPoint 0-days.
Actually there was no reports about the fourth Office case. But there was another Office case too.
It was related to Microsoft Access.
Trojan Backdoor.Pcclient.B attacked against unpatched
'Microsoft Jet Database Engine Malformed Database File Buffer Overflow Vulnerability'
spreaded with dropper file containing Trojan.Acdropper.B.
This is not a surprise, because at least three public exploits have been published.
A coverage list of references is listed at http://www.kb.cert.org/vuls/id/176380
US-CERT doesn't list affected systems, but Access 2003, 2002 and 2002 install Msjet40.dll.
These were not the last Office issues we will see. And more is coming if old Office flaws keep unpatched in the future.
More details and some conclusions at my new entry
http://blogs.securiteam.com/?p=535
- Juha-Matti
