|
|
|
 |
Vulnerability Note VU#740716Microsoft Jet Database Engine database request handling buffer overflowOverviewThe Microsoft Jet Database Engine (Jet) provides data access functionality to a number of other Microsoft and many third party applications. A buffer overflow vulnerability exists in the Jet Database Engine that could allow a remote attacker to execute code of their choosing on an affected system.I. DescriptionA buffer overflow error exists in the way that a database request is processed by the Microsoft Jet Database Engine. This error results in a vulnerability that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by creating a specially crafted database query and sending it through an application that is using Jet on an affected system.II. ImpactA remote attacker can execute arbitrary code of their choosing with the same privileges as the user context of the application using the Jet Database Engine. The attacker may be able to leverage these privileges to take complete control of an affected system. Microsoft lists secondary impacts including, but not limited to, installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.III. SolutionApply a patch from the vendorMicrosoft, Inc. has published Microsoft Security Bulletin MS04-014 in response to this issue. Users are strongly encouraged to review this bulletin and apply the patches it refers to.
References
Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits Matt Thompson of Aberdeen IT for reporting this vulnerability to them. This document was written by Chad R Dougherty based on information provided in Microsoft Security Bulletin MS04-014.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader