Alerts
Alerts
Zero-Day Tracker
Common Name:
Microsoft Jet DB Multiple Vulns
Date Disclosed:
3/31/2005
Date Patched:
5/13/2008
Vendor:
Microsoft
Application:
Msjet40.dll versions lower than 4.0.9505.0
* Windows 2000
* Windows XP
* Windows Server 2003 SP1
Description:
A remote code execution vulnerability exists within Microsoft Jet DB engine (installed by default on Windows) which may allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires user interaction. In a web-based scenario (e-mail, Web site), a user would still have to open a file manually, as it would not be auto-opened.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
This client-side file-format vulnerability has high impact potential for targeted attacks against networks. These attacks could be used to gain sensitive information, install botnet software, as well as many other common exploitations. Although Office files are not auto-opened by most web browsers and e-mail clients, the severity of this vulnerability should not be overlooked.
Mitigation:
At this time, the best form of mitigation is to disable MDB files from being executed as outline in the Microsoft Security Advisory (KB950627).
Protection:
MS08-028
Links:
MSRC Blog Post
Microsoft Security Advisory (950627)
CVE-2005-0944 Disclosure
CVE-2007-6026 Disclosure
Status:
3/31/2005: Original Vulnerability Posted
11/16/2007: Second Vulnerability Posted
3/21/2008: In-The-Wild Exploitation Witnessed
Common Name:
Microsoft Jet DB Multiple Vulns
Date Disclosed:
3/31/2005
Date Patched:
5/13/2008
Vendor:
Microsoft
Application:
Msjet40.dll versions lower than 4.0.9505.0
* Windows 2000
* Windows XP
* Windows Server 2003 SP1
Description:
A remote code execution vulnerability exists within Microsoft Jet DB engine (installed by default on Windows) which may allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires user interaction. In a web-based scenario (e-mail, Web site), a user would still have to open a file manually, as it would not be auto-opened.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
This client-side file-format vulnerability has high impact potential for targeted attacks against networks. These attacks could be used to gain sensitive information, install botnet software, as well as many other common exploitations. Although Office files are not auto-opened by most web browsers and e-mail clients, the severity of this vulnerability should not be overlooked.
Mitigation:
At this time, the best form of mitigation is to disable MDB files from being executed as outline in the Microsoft Security Advisory (KB950627).
Protection:
- eEye's Blink® Personal Edition protects from this vulnerability.
- eEye's Blink® Professional Edition protects from this vulnerability.
- eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.
MS08-028
Links:
MSRC Blog Post
Microsoft Security Advisory (950627)
CVE-2005-0944 Disclosure
CVE-2007-6026 Disclosure
Status:
3/31/2005: Original Vulnerability Posted
11/16/2007: Second Vulnerability Posted
3/21/2008: In-The-Wild Exploitation Witnessed
