SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Database)  >   Microsoft Jet Vendors:   Microsoft
Microsoft Jet Database Buffer Overflow in 'msjet40.dll' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013618
SecurityTracker URL:  http://securitytracker.com/id/1013618
CVE Reference:   CVE-2005-0944   (Links to External Site)
Updated:  Dec 18 2007
Original Entry Date:  Mar 31 2005
Impact:   Execution of arbitrary code via network, User access via network

Version(s): msjet40.dll library version 4.00.8618.0
Description:   A vulnerability was reported in the Microsoft Jet database. A remote user can cause arbitrary code to be executed.

The 'msjet40.dll' component does not properly validate user-supplied input when parsing database files. A remote user can create a specially crafted '.mdb' database file that, when opened by the target user, will cause arbitrary code to be executed with the privileges of the target user.

The Microsoft JetDB OLE Provider (msjetoledb40.dll) is not affected.

The vendor was notified on March 30, 2005.

The original advisory is available at:

http://www.hexview.com/docs/20050331-1.txt

HexView reported this vulnerability.

Impact:   A remote user can cause arbitrary code to be executed with the privileges of the target user (when the user opens an affected Jet database file).
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC