Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
Date Discovered: 05/13/2008
Severity: High
Operating Systems Affected: Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP Professional x64 Edition
Windows Server 2003 SP1
Windows Server 2003 x64 Edition
Windows Server 2003 SP1 for Itanium-based Systems
Applications Affected: Microsoft Jet 4.0
Synopsis
Microsoft Jet DataBase Engine is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. A Microsoft Access database uses the .MDB file extension by default. The Microsoft Jet Engine contains a stack buffer overflow in the handling of specially crafted database files.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-028.mspx
Threat Analysis
Microsoft Jet Engine is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing a MDB file. By persuading a victim to open a specially-crafted MDB file, a remote attacker could cause the victim's application to crash or possibly execute arbitrary code on the victim's system with the privileges of the victim.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the affected application and possibly the underlying computer. An attacker could exploit this vulnerability by sending the malicious file as an email attachment or hosting it on a Web site.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6026

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Product Division of Tech Mahindra Limited | Privacy Policy | Site Map