NEWS FROM THE LAB - Wednesday, April 13, 2005

Exploit released for an unpatched MS flaw Posted by Mika @ 08:21 GMT

Exploit code for a Microsoft Jet Database Engine vulnerability has been published. This vulnerability can be exploited to run arbitrary code if the user opens a crafted Access database file (".mdb"). It was not addressed by the Microsoft's April security patches released yesterday. For more information check this advisory from Secunia.

Note also that there already is a public proof-of-concept exploit for IE DHTML object memory corruption vulnerability described on MS05-20 from yesterday. You really should apply the patch immediately. Often within a few days of these proof-of-concepts appearing, we will start seeing malware that uses the same techniques.