Microsoft Jet Database Buffer Overflow in 'msjet40.dll' Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1013618
|
|
SecurityTracker URL: http://securitytracker.com/id?1013618
|
|
CVE Reference: CVE-2005-0944
(Links to External Site)
|
Updated: Dec 18 2007
|
Original Entry Date: Mar 31 2005
|
Impact: Execution of arbitrary code via network, User access via network
|
Advisory: HexView
|
Version(s): msjet40.dll library version 4.00.8618.0
|
Description: A vulnerability was reported in the Microsoft Jet database. A remote user can cause arbitrary code to be executed.
The 'msjet40.dll' component does not properly validate user-supplied input when parsing database files. A remote user can create
a specially crafted '.mdb' database file that, when opened by the target user, will cause arbitrary code to be executed with the
privileges of the target user.
The Microsoft JetDB OLE Provider (msjetoledb40.dll) is not affected.
The vendor was notified
on March 30, 2005.
The original advisory is available at:
http://www.hexview.com/docs/20050331-1.txt
HexView reported this
vulnerability.
|
Impact: A remote user can cause arbitrary code to be executed with the privileges of the target user (when the user opens an affected Jet database file).
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.microsoft.com/ (Links to External Site)
|
Cause: Boundary error, Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: vuln@hexview.com
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
