F-Secure
Tools
Exploit:W32/JetDb.C
Summary
This sample arrives together with a malicious MS Word document file as a package or attachment to email messages. The specially crafted file exploits a known Remote Code Execution vulnerability on Microsoft Jet Database Engine.
Disinfection
Disinfection of Exploits
Exploits are used by malicious programs, so please refer to disinfection of these malicious programs (worms, trojans, backdoors) for more information.
In some cases, Exploits (for example iFrame exploit) can be detected in e-mail files stored on a hard drive. In such a case it is recommended to delete those files.
It is very important to have all the security patches for your operating system updated to prevent security breaches and infections resulted from the use of exploits.
Failed disinfection
In some cases, F-Secure Anti-Virus might not disinfect a system automatically. In this case, please visit our Support pages:
http://support.f-secure.com/enu/home/virusproblem/howtoclean/
Exploits are used by malicious programs, so please refer to disinfection of these malicious programs (worms, trojans, backdoors) for more information.
In some cases, Exploits (for example iFrame exploit) can be detected in e-mail files stored on a hard drive. In such a case it is recommended to delete those files.
It is very important to have all the security patches for your operating system updated to prevent security breaches and infections resulted from the use of exploits.
Failed disinfection
In some cases, F-Secure Anti-Virus might not disinfect a system automatically. In this case, please visit our Support pages:
http://support.f-secure.com/enu/home/virusproblem/howtoclean/
Additional Details
This malware file arrives as a package usually with another maliciously crafted MS Word Document file to be executed.
When loaded, this malware wil then exploit a known Remote-Code-Execution vulnerability on MS Jet Database Engine.
A successful execution of the exploit will result to the file C:\SVCH0ST.EXE to be created and executed on the user's system.
When loaded, this malware wil then exploit a known Remote-Code-Execution vulnerability on MS Jet Database Engine.
A successful execution of the exploit will result to the file C:\SVCH0ST.EXE to be created and executed on the user's system.