Microsoft Access falls victim to serious flaw

Posted by Mark Raby

Redmond (WA) - The United States Computer Emergency Readiness Team (US-CERT) has issued a warning about a newly discovered hack that could implant malicious software on a computer via Microsoft's database software program.

The US-CERT said it is "aware of active exploitation" of the flaw.  The security hole allows hackers to create special .mdb files, the format read by Access, that will install attack commands on the victim's computer.

While this hack could be serious for a company that uses Access, it is not a typical target.  ".Mdb files are blocked by default in most installations of Internet Explorer and Outlook Express," said Symantec senior manager Ben Greenbaum in a PC World quote.

Access, which is included in high-end versions of the Microsoft Office suite, is an application that allows users to create extensive and complex databases of customers, inventory, etc.