Threat Encyclopedia

HKTL_MDBEXP.A

Type: Hacking Tool

In the wild: No

Destructive: No

Language: English

Systems affected: Windows XP, Server 2003

Encrypted: No

Overall risk rating: Low

Reported detections: Low

System impact: Medium

Information exposure: High

Description:

To get a one-glance comprehensive view of the behavior of this grayware, refer to the Behavior Diagram shown below.

HKTL_MDBEXP.A Behavior Diagram

Grayware Overview

This hacking tool is a zero-day exploit that takes advantage of the following software vulnerability, which allows a remote malicious user or malware to download files on the affected system:

  • Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

Once this hacking tool is used against a vulnerable system, attackers can execute commands on that system.



TECHNICAL DETAILS



Initial samples received on: Dec 8, 2007

File type: PE

Memory resident: No

Compression type: PE_Patch.PECompact

File size: 13,824 Bytes (compressed)

Details:

This hacking tool is a zero-day exploit that takes advantage of the following software vulnerability, which allows a remote malicious user or malware to download files on the affected system:

  • Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

The vulnerability is a stack-based buffer overflow in MSJET40.DLL, the Microsoft Jet Engine library, as used by Access 2003 in Microsoft Office 2003 SP3. It allows user-assisted attackers to execute arbitrary code via a crafted MDB file.

Once this hacking tool is used against a vulnerable system, attackers can perform the following actions on that system:

  • Run shell commands
  • Download and execute a file from a specified remote site
  • Create a connect-back shell

This hacking tool runs on Windows XP and Server 2003.


Analysis by: James Patrick Dee



SOLUTION


Minimum scan engine version needed: 8.300

Spyware pattern version needed: 0.619.00

Pattern release date: Mar 18, 2008


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

Important Windows XP Cleaning Instructions

Users running Windows XP must disable System Restore to allow full scanning of infected computers.

Users running other Windows versions can proceed with the succeeding solution set(s).

Running Trend Micro Antivirus

If you are currently running in safe mode, please restart your computer normally before performing the following solution.

Download and unzip the latest spyware pattern file and scan your computer. Then, delete all files detected as HKTL_MDBEXP.A.

*NOTE: If the above manual removal instructions fail to eliminate this grayware, close all Internet Explorer windows, and perform the solution again.



