POP3: .MDE

This signature detects e-mail attachments that have the extension .mde and were received through POP3. Because .MDEs (Microsoft Access MDE database) files can contain scripts and macros, this can indicate an incoming e-mail virus. Attackers can create malicious scripts, tricking users into executing the file and infecting the system.

Extended Description

Since .mde files contain code, malware writers can exploit this vulnerability by inserting malicious code. A target system is compromised if an unsuspecting user opens an .mde file, which is usually received by e-mail. The impact on the target system is dependent on the instructions contained in the malicious .mde file.

References

URL: http://www.cknow.com/vtutor/FileExtensions.html http://support.microsoft.com/?kbid=235309 http://www.novatone.net/mag/mailsec.htm

Short Name

POP3:EXT:DOT-MDE

Severity

Major

Recommended

False

Recommended Action

Drop

POP3: .MDE

Extended Description

References

Found a potential security threat?