Initial samples received on: Dec 8, 2007
Memory resident: No
File size: 13,824 Bytes (compressed)
This hacking tool is a zero-day exploit that takes advantage of the following software vulnerability, which allows a remote malicious user or malware to download files on the affected system:
- Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
This vulnerability is a stack-based buffer overflow in Microsoft MSJET40.DLL (the Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3. It allows user-assisted attackers to execute arbitrary code via a crafted MDB file.
Once this hacking tool is used against a vulnerable system, hackers can execute the following commands on that system:
- Execute shell commands
- Download and execute a file from a specified remote site
- Create a connect-back shell
This hacking tool runs on Windows XP and Server 2003.
Analysis by: James Patrick Dee