Short Name | HTTP:STC:DL:MAL-MDB |
---|---|
Severity | Critical |
Recommended | No |
Recommended Action | Drop |
Category | HTTP |
Keywords | Malicious .MDB File Access through HTTP |
Release Date | 2005/04/11 |
Update Number | 1213 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects malicious .MDB files transmitted through HTTP. Attackers can craft a malicious MDB database and provide an HTTP link to a target system; when the user opens the link, the database is opened by the default handler (typically the MS-Jet DLL), which might enable the attacker to execute code.

The Microsoft Jet Database Engine contains a buffer-overflow vulnerability because the library fails to properly bounds-check the contents of user-supplied database files. Attackers may exploit this vulnerability to execute arbitrary machine code in the context of the victim who tries to access a malicious Jet database file. The vulnerability is reported to reside in the 'msjet40.dll' library, version 4.00.8618.0. Older versions may also be affected. The 'msjetole40.dll' OLE (Object Linking and Embedding) library is reportedly immune to this vulnerability. The Backdoor.Hesive trojan is reported to employ this vulnerability to install itself on vulnerable computers. Please see the web reference for more information.