Internet Explorer and Access allow macros to be executed automatically
13th Feb 2002 [SBWID-5096]

	 Microsoft Access


	 Internet Explorer version 5 through version 6. Older versions?

	 Outlook Express 2000,

	 Outlook Express 98,

	 Outlook 2000,

	 Outlook 98


	In GFI Security Labs [http://www.gfi.com/] advisory [GFISEC04102001] :

	The problem is exploited by embedding VBA code within an Access
	database file (.mdb) within an Outlook Express email file or Multipart
	HTML (mht) file.

	If the email file is accessed using Internet Explorer, the attachment
	may be automatically executed without triggering any security alerts.
	The exploit will work regardless of the security level (in our labs, we
	also tested it with High Security and Restricted Zone).

	This may be exploited through email by using an iframe tag or using
	Active Scripting to call the malicious file through an HTML email,
	allowing Internet Explorer to automatically access the exploit EML

	A live example of the named exploit is available on:




	 Workaround :



	Filtering HTML email for JavaScript and similar scripting
	capabilities, as well as checking for IFRAME, will prevent the exploit
	from being run through email. This can be easily done using GFI's Mail
	essentials & Mail Security for Exchange 2000. GFI Security Labs
	also recommends filtering out mdb files. You might also want to
	consider blocking access to EML, MHTML and MHT files through HTTP and
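
	The email-filtering part of this workaround, as an added example (not
	from the GFI advisory or any GFI product): a Python gateway check that
	flags IFRAME and script content in HTML parts and attachments with the
	file types named above. Function names and the sample message are
	constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical names throughout; extensions are the file types the workaround lists.
BLOCKED_EXT = (".mdb", ".eml", ".mhtml", ".mht")
HTML_CHECKS = {
    "iframe tag": re.compile(r"<\s*iframe\b", re.I),
    "script tag": re.compile(r"<\s*script\b", re.I),
    "inline event handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "script URL": re.compile(r"(?:java|vb)script\s*:", re.I),
}

def scan_message(raw: bytes) -> list[str]:
    """Return reasons to quarantine the message; an empty list means it passes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        # Check the filename on every part, including attached messages (.eml).
        name = (part.get_filename() or "").lower()
        if name.endswith(BLOCKED_EXT):
            findings.append(f"blocked attachment: {name}")
        if part.get_content_type() == "text/html":
            html = part.get_content()  # decoded per the part's charset
            for label, rx in HTML_CHECKS.items():
                if rx.search(html):
                    findings.append(f"active HTML: {label}")
    return findings

def build_sample() -> bytes:
    """Constructed test message: HTML body with an IFRAME plus a dummy .mdb attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text body")
    msg.add_alternative('<html><body><IFRAME src="cid:att1"></IFRAME></body></html>',
                        subtype="html")
    msg.add_attachment(b"placeholder bytes, not a real database",
                       maintype="application", subtype="octet-stream",
                       filename="Report.MDB")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```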

	 Patch :





