Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

vendor:

Microsoft Jet Engine

by:

cocoruder

N/A

CVSS

N/A

Stack Overflow

CWE

Product Name: Microsoft Jet Engine

Affected Version From: Microsoft Office Access 2003 sp3 on Windows XP SP2(chinese)

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows

2007

Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

A remote code execute vulnerability exists in Microsoft Jet Engine. A remote attacker who successfully exploit this vulnerability can execute arbitrary code on the affected system.

Mitigation:

Source

Exploit-DB raw data:

Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net


Summary:

    A remote code execute vulnerability exists in Microsoft Jet
Engine. A remote attacker who successfully exploit this vulnerability
can execute arbitrary code on the affected system.


Affected Software Versions:

    Microsoft Office Access 2003 sp3 on Windows XP SP2(chinese)
    (Other versions may also be affected)

How to Reproduce:

    Open the attached file
"Microsoft_Jet_Engine_MDB_File_Parsing_Exploit.mdb" with Office Access
2003 sp3 on Windows XP SP2, then "calc.exe" will be executed, please
do not use the exploit for attacking.

The attached file is at:

    http://ruder.cdut.net/attach/MS_MDB_Vul/Microsoft_Jet_Engine_MDB_File_Parsing_Exploit.rar
    Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4625.rar (11162007-Microsoft_Jet_Engine_MDB_File_Parsing_Exploit.rar)

    MD5 Hash:73243B8823C8DC2C88AE0529CA13C4C6

# milw0rm.com [2007-11-16]