Monday, March 24, 2008 8:00 AM cmosby

Microsoft Jet Database Engine Multiple Vulnerabilities - Advisories - Secunia

 

Microsoft Jet Database Engine Multiple Vulnerabilities
Advisory Available in Danish

Secunia Advisory:
SA14896

Release Date:
2005-04-12

Last Update:
2008-03-24

Critical:

Highly critical

Impact:
System access

Where:
From remote

Solution Status:
Unpatched

OS:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Software:
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office Word 2007
Microsoft Office XP
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003

CVE reference:
CVE-2005-0944 (Secunia mirror)
CVE-2007-6026 (Secunia mirror)
CVE-2008-1092 (Secunia mirror)

Description:
Some vulnerabilities have been reported in Microsoft Jet Database Engine, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to a memory handling error and a boundary error in the Microsoft Jet Database Engine (msjet40.dll). This can be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted Word document that automatically loads another file (e.g. a renamed ".mdb" file) in the same location as a jet engine source file.

NOTE: These vulnerabilities can also be exploited by tricking a user into opening a malicious ".mdb" file in Access. However, it should be noted that the ".mdb" file type is considered unsafe as it allows running arbitrary code when opened in Access. The gain from exploiting this vulnerability via Access is thus not greater than if a user is convinced into opening an ordinary ".mdb" file not exploiting any of these vulnerabilities.

The vulnerability only affects versions of msjet40.dll prior to 4.0.9505.0 and thus systems running Windows Server 2003 SP2, Windows Vista, and Windows Vista SP1 are not vulnerable.

Solution:
Do not open untrusted Office documents.

Provided and/or discovered by:
HexView and cocoruder.

Microsoft Word attack vector reported as a 0-day.

Changelog:
2005-10-04: Added link to US-CERT vulnerability note.
2008-03-24: Updated advisory based on additional information about 0-day Word attack vector. Added link to US-CERT.

Original Advisory:
Microsoft:
http://www.microsoft.com/technet/security/advisory/950627.mspx

Hexview:
http://www.hexview.com/docs/20050331-1.txt

cocoruder:
http://ruder.cdut.net/blogview.asp?logID=227

Other References:
US-CERT VU#176380:
http://www.kb.cert.org/vuls/id/176380

US-CERT VU#936529:
http://www.kb.cert.org/vuls/id/936529

Symantec:
http://www.symantec.com/enterprise/se...3/another_reason_why_microsoft_s.html

Source: Microsoft Jet Database Engine Multiple Vulnerabilities - Advisories - Secunia

Filed under: , , , , , ,

Comments

No Comments