GFI Finds Security Flaw in IE and MS Access 2000

SECURITY FLAW DISCOVERED IN INTERNET EXPLORER & ACCESS: Allows macros to be executed automatically

London, UK, 12 February 2002 – GFI, leading developer of email content checking and network security software, has discovered a security flaw in Internet Explorer and Microsoft Access 2000 that allows macros to be executed automatically on a victim’s machine. GFI has notified Microsoft Corp., which issued an advisory (Microsoft Security Bulletin number MS02-005).

This flaw within Internet Explorer allows a malicious user to run arbitrary code on a target machine as it attempts to view a website or an HTML email. It can be exploited by embedding macro code such as VBA (Visual Basic for Applications) within an Access database file (.mdb) that in turn lies within an Outlook Express email file or Multipart HTML File (.mhtml). If this file is accessed using Internet Explorer, the attachment can be automatically executed without triggering any warnings.

“It can be most dangerous to open an email which uses this exploit because it will run on any computer having Internet Explorer and Microsoft Access 2000, which forms part of MS Office. Our tests on this email threat showed that, in Outlook 2000, the embedded VBA code was executed automatically even within the High Security and Restricted Zone. Such an email that contains malicious code could do almost anything on the recipient’s machine,” warned GFI security engineer, Sandro Gauci.

Blocking this exploit from running via email

This flaw may be exploited through email by using an iframe tag in an HTML email or a window.open() within a tag, allowing Internet Explorer to automatically access the exploit eml file. To prevent the exploit from running through email, GFI advises filtering all HTML email for JavaScript and similar scripting capabilities, as well as checking for IFRAME. GFI also recommends filtering out mdb files and possibly blocking access to eml, mhtml and mht files through HTTP and email. It is also important to apply the patch distributed by Microsoft Corp.

“These threats can be automatically blocked at server level with an email content checking gateway such as Mail essentials. HTML tags and dangerous attachments are removed automatically at server level, meaning that email users are not in danger of receiving malicious attachments or HTML mails,” Nick Galea, GFI CEO, pointed out. The systems affected by this exploit include Windows machines with Microsoft Access and Internet Explorer 5 or 6, and possibly older versions; Outlook Express 2000 and 98; Outlook 2000 and 98; and possibly all other HTML and/or JavaScript-enabled email clients.

Test if your email system is vulnerable to this email threat

Administrators can test if their emails systems are vulnerable to this kind of email attack at http://www.gfi.com/emailsecuritytest, GFI’s Email Security Testing Zone.

About Mail essentials

Mail essentials for Exchange/SMTP is an email content checking and anti-virus gateway that removes all types of email-borne threats such as viruses, dangerous attachments, spam and offensive content. More than just an anti-virus package, Mail essentials analyses mail for security risks, such as embedded scripts, macros, disguised attachments and more. Pricing starts at US$350. For more information, please see http://www.gfi.com/mes/.

About GFI GFI (www.gfi.com) has six offices in the US, UK, Germany, France, Australia and Malta, and has a worldwide network of distributors. GFI is the developer of FAXmaker, Mail essentials and LANguard, and has supplied applications to clients such as Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion 2000 (GEM) Packaged Application Partner of the Year award.

All product and company names herein may be trademarks of their respective owners.

Don't miss