Microsoft Jet Database Engine Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Home > Vulnerability Intelligence > Secunia Advisories > Microsoft Jet Database Engine Multiple Vulnerabilities

Secunia Advisories

Advisories

Advisories by Product

Business Solutions Restricted

Partner Solutions Restricted

About

Microsoft Jet Database Engine Multiple Vulnerabilities
Secunia Advisory:	SA14896	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2005-04-12
Last Update:	2008-05-13
Popularity:	40,238 views

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Storage Server 2003 Microsoft Windows XP Home Edition Microsoft Windows XP Professional

Software:	Microsoft Office 2000 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2007 Microsoft Office Word 2007 Microsoft Office XP Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2003

Binary Analysis:	BA478 :: Available for Credits

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2005-0944 CVE-2007-6026 CVE-2008-1092

Description: Some vulnerabilities have been reported in Microsoft Jet Database Engine, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to a memory handling error and a boundary error in the Microsoft Jet Database Engine (msjet40.dll). This can be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted Word document that automatically loads another file (e.g. a renamed ".mdb" file) in the same location as a JET database file. NOTE: These vulnerabilities can also be exploited by tricking a user into opening a malicious ".mdb" file in Access. However, it should be noted that the ".mdb" file type is considered unsafe as it allows running arbitrary code when opened in Access. The gain from exploiting this vulnerability via Access is thus not greater than if a user is convinced into opening an ordinary ".mdb" file not exploiting any of these vulnerabilities. The vulnerability only affects versions of msjet40.dll prior to 4.0.9505.0 and thus systems running Windows Server 2003 SP2, Windows Vista, and Windows Vista SP1 are not vulnerable. Solution: Apply patches. Windows 2000 SP4: http://www.microsoft.com/downloads/de...=0de12d09-e675-4cf0-bc6f-e42eeb4784a1 Windows XP SP2: http://www.microsoft.com/downloads/de...=3247433f-0aa9-49b8-9e40-c5463a95bcff Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/de...=4915ebc4-5e7b-493e-b8c4-321d40d9a701 Windows Server 2003 SP1: http://www.microsoft.com/downloads/de...=86e3ed62-98f7-46ec-96ab-5e8c123b1288 Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/de...=5dfc867b-74b7-4818-9fc2-d71e7c9d2e38 Windows Server 2003 with SP1 for Itanium-based systems: http://www.microsoft.com/downloads/de...=3452119b-ba4c-4272-82ec-97396b2c2c3d Provided and/or discovered by: HexView and cocoruder. Microsoft Word attack vector reported as a 0-day. Changelog: 2005-10-04: Added link to US-CERT vulnerability note. 2008-03-24: Updated advisory based on additional information about 0-day Word attack vector. Added link to US-CERT. 2008-05-13: Updated "Solution" section. Original Advisory: MS08-028 (KB950749): http://www.microsoft.com/technet/security/Bulletin/MS08-028.mspx Microsoft: http://www.microsoft.com/technet/security/advisory/950627.mspx Hexview: http://www.hexview.com/docs/20050331-1.txt cocoruder: http://ruder.cdut.net/blogview.asp?logID=227 Other References: US-CERT VU#176380: http://www.kb.cert.org/vuls/id/176380 US-CERT VU#936529: http://www.kb.cert.org/vuls/id/936529 Symantec: http://www.symantec.com/enterprise/se...3/another_reason_why_microsoft_s.html

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	9
New vulnerabilities:	12
Updated advisories:	14

Moderately // 20 views

NetBSD Malformed ICMPv6 "MLD-QUERY" Denial of Service

Less // 15 views

Silentum LoginSys Multiple Cross-site Scripting Vulnerabilities

Less // 39 views

Avactis Shopping Cart "checkout.php" Cross-Site Scripting

Moderately // 34 views

MemHT Portal "stats_res" SQL Injection Vulnerability

Less // 62 views

libpng "png_push_read_zTXt( )" Off-By-One Vulnerability

Moderately // 56 views

phpAdultSite CMS SQL Injection And Cross-Site Scripting

Moderately // 78 views

Simple Machines Forum Password Reset Vulnerability

Moderately // 47 views

Gentoo update for courier-authlib

Less // 121 views

Linux Kernel "listxattr" Memory Corruption and CHRP Denial of Service

5th Sep, 2008

New advisories:	14
New vulnerabilities:	18
Updated advisories:	22

Less // 418 views

Netgear WN802T Wireless Access Point Two Vulnerabilities

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.