0

I want to know whether, when I try to connect to a file with OLEDB and this file contains malware, the malware can be activated.

Whether the answer is yes or no, could you please explain to me why and/or how this happens?

I read the sentence below in this article, but I'm not sure that, in my case, connecting with OLEDB will not activate the entry point of the exe hidden under the xls file:

Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed, the viral code is executed as well.

Note that I use OLEDB in C# with System.Data.OleDb and with a connection string like this one:

Provider=Microsoft.ACE.OLEDB.12.0;Data Source=c:\myFolder\myExcel2007file.xlsx; Extended Properties="Excel 12.0 Xml;HDR=YES";

Thank you.

1 Answer

2

could you please explain me why and/or how this happen?

In order to do so, you must understand how malware works. Just like any regular program, it must be executed in order to do its damage. You can rename an infected .exe to .jpg and open it in a photo viewer; nothing will happen.

The same goes for your data source. If you just display its contents, nothing will happen. Unless of course the malware is targeting the display system, which is frequently used for dropping malware: for example known buffer overflows in PDF-, photo- or other document viewers, where a specially crafted file leaks executable code into the stack of the hosting program, so it can run its "installer" or do its damage by running once.


7 Comments

Ok, perfect. Now, in the case of an OLEDB provider like the one Microsoft uses in System.Data.OleDb, do you think that while trying to connect to the file, the provider will execute the program?
@Samuel why do you think an OLEDB provider will handle data as code and execute it?
I'm in the process of understanding how an OLEDB provider works, to be really sure it only reads a sequence of bytes without executing it, and the help of an expert would be appreciated.
@Samuel I'm absolutely not an expert on the subject, but I can say that any data in any source will be presented as data, not executed as code. If you type "Hello World" in a cell and query for it, will it execute "Hello World"? Then why would it do so with code? It is all data as far as OLEDB is concerned, not code. But perhaps someone with more experience on this matter can explain it more clearly. :) Anyway, even if, why would an attacker go through the hassle of replacing your data source with a virus, instead of your program, given they already have access to the machine?
I already tried and, as you say, it throws an exception, but I just want to be really, really sure that under the covers the provider doesn't try anything other than reading bytes, without executing the file as a program. Thank you very much for your time and your help.
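For the case discussed above (an exe saved under a workbook name), the following is an added example, not code from the question or the answer: it inspects the file's leading bytes and required ZIP parts before the path is ever placed in the `Data Source` of the connection string. The class and method names (`WorkbookPrecheck`, `Sniff`, `LooksLikeXlsx`) and the sample file are hypothetical, and the check only establishes the container type; it does not protect against parsing flaws in the provider itself.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Linq;

static class WorkbookPrecheck // hypothetical helper, not part of System.Data.OleDb
{
    public enum Container { Unknown, PeExecutable, OoxmlZip, Ole2Compound }

    // Signature of the OLE2 compound format used by legacy .xls files.
    static readonly byte[] Ole2Magic = { 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 };

    // Classify by leading bytes, never by file extension.
    public static Container Sniff(string path)
    {
        var head = new byte[8];
        int n;
        using (var fs = File.OpenRead(path)) n = fs.Read(head, 0, head.Length);
        if (n >= 2 && head[0] == (byte)'M' && head[1] == (byte)'Z') return Container.PeExecutable;
        if (n >= 4 && head[0] == (byte)'P' && head[1] == (byte)'K' && head[2] == 3 && head[3] == 4)
            return Container.OoxmlZip;
        if (n == 8 && head.SequenceEqual(Ole2Magic)) return Container.Ole2Compound;
        return Container.Unknown;
    }

    // True only for a ZIP archive holding the parts every .xlsx workbook contains.
    public static bool LooksLikeXlsx(string path)
    {
        if (Sniff(path) != Container.OoxmlZip) return false;
        try
        {
            using (var zip = ZipFile.OpenRead(path))
                return zip.GetEntry("[Content_Types].xml") != null
                    && zip.GetEntry("xl/workbook.xml") != null;
        }
        catch (InvalidDataException) { return false; } // PK header but not a valid archive
    }

    static void Main()
    {
        // Constructed sample: bytes beginning with the PE "MZ" marker, saved under an .xlsx name.
        string fake = Path.Combine(Path.GetTempPath(), "constructed-sample.xlsx");
        File.WriteAllBytes(fake, new byte[] { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00 });
        Console.WriteLine($"{Sniff(fake)} xlsx={LooksLikeXlsx(fake)}");
        // Only a path for which LooksLikeXlsx is true would be handed to the OLEDB provider.
        File.Delete(fake);
    }
}
```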