Security News > 2020 > January > Microsoft Access Files Could Include Unintentionally Saved Sensitive Data
An information disclosure vulnerability affecting Microsoft Access can cause sensitive data from system memory to be unintentionally saved in database files, email security company Mimecast revealed on Tuesday.
The vulnerability, dubbed "MDB Leaker" by Mimecast, is related to "The improper management of system memory by an application." It can cause the content of uninitialized memory elements to be saved into Microsoft Access MDB files.
While the data that is saved to MDB files could be useless, it could also include highly sensitive information, such as passwords, web requests, certificates, and domain or user data.
Mimecast says any file saved with a vulnerable version of Access could include sensitive information and attackers who have access to the targeted system could automate the process of looking for sensitive information in MDB files.
Farjon says an attacker does not need to know how the vulnerability works in order to find sensitive information unintentionally saved to database files.