Security Flaw In Microsot Access And Internet Explorer

Internet Explorer is the most insecure existing browser. We have already heard about the flaws in Internet Explorer, I am not going to list them again, But you can still read my previous post regarding internet explorer flaws. Today I am going to unleash another weakness in Internet Explorer that could allow any hacker/attacker to execute any code on your PC, and hacker can also attempts to demonstrate the site or HTML e-mail.

This exploit can then be used to create the VBA macros access to data files. If this file is accessible through the dead Internet Explorer, any application can be executed automatically without any prompt. This is very dangerous to open an email using this exploit because it runs on any computer with Internet Explorer and Microsoft Access 2000.

In Outlook 2000, VBA embedded code can be executed automatically, even in high security. GFI Security Engineer, Sandro Gauci says that the malicious code can do almost everything on the victom’s machine. The aim of this vulnerability is to exploit by an e-mail using the IFRAME HTML tag e-mail or window.open, Outlook Anti Spam, () with a label that allows Internet Explorer to automatically access it.

To prevent the rejection by e-mail, it is recommended to filter all your messages in HTML and JavaScript. It is also highly recommended to filter MDB files and block access to the EML MHT and MHTML files via HTTP and e-mail. Most importantly apply the patch provided by Microsoft. This will automatically block at the server and check the content of the email gateway, such as Essentials-mail.

Microsoft Windows machines running MS Access and Internet Explorer 6 can be used in this exploit. With this Outlook Express 2000, Windows 98, Outlook 98 and 2000 are also the victims of this exploit.

via [Outlook Anti Spam]