US-CERT is aware of a stack buffer overflow vulnerability in the way that Microsoft Access handles specially crafted database files. Opening a specially crafted Microsoft Access Database (e.g., .MDB) can cause arbitrary code execution without requiring any additional user interaction. Microsoft Access files are considered to be high-risk, so it may be possible to execute arbitrary code without using a vulnerability in Microsoft Access.

US-CERT is aware of active exploitation using malicious Microsoft Access databases.

To help protect against this type of attack, US-CERT recommends the following:

•     Do not open attachments from unsolicited email messages
•     Block high-risk file attachments at email gateways

• "Using Caution with Email Attachments" Cyber Security Tip
• Microsoft Knowledge Base Article "An overview of unsafe file types in Microsoft products"