For anyone who has to open MS database files, please do read this:
Microsoft Jet Database Engine Database File Parsing Vulnerability
Secunia Advisory: SA14896
Release Date: 2005-04-12
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
OS:
  Microsoft Windows 2000 Advanced Server
  Microsoft Windows 2000 Datacenter Server
  Microsoft Windows 2000 Professional
  Microsoft Windows 2000 Server
  Microsoft Windows XP Home Edition
  Microsoft Windows XP Professional
Software:
  Microsoft Access 2000
  Microsoft Access 2002
  Microsoft Access 2003
  Microsoft Office 2000
  Microsoft Office 2003 Professional Edition
  Microsoft Office 2003 Small Business Edition
  Microsoft Office 2003 Standard Edition
CVE reference: CAN-2005-0944
Description:
HexView has discovered a vulnerability in Microsoft Jet Database Engine, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a memory handling error when e.g. parsing database files. This can be exploited to execute arbitrary code by tricking a user into opening a specially crafted ".mdb" file in Microsoft Access.
NOTE: Exploit code has been posted to a public mailing list.
The vulnerability has been confirmed on a fully patched system with Microsoft Access 2003 (msjet40.dll version 4.00.8618.0) and Microsoft Windows XP SP1/SP2. Other versions may also be affected.
Solution: Do not open untrusted ".mdb" database files.
Provided and/or discovered by: HexView
Original Advisory: http://www.hexview.com/docs/20050331-1.txt
Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
Peter Kaulback
--
I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
