Microsoft Jet Database Engine Malformed Database File Buffer Overflow Vulnerability

It is reported that Microsoft Jet Database Engine is vulnerable to a buffer overflow vulnerability. This issue is due to a failure of the library to properly bounds check user-supplied database file contents.

Attackers may exploit this vulnerability to execute arbitrary machine code in the context of the victim user attempting to access a malicious Jet database file.

This vulnerability is reported to exist in the ‘msjet40.dll’ library, version 4.00.8618.0. Older versions may also be affected. The ‘msjetole40.dll’ OLE (Object Linking and Embedding) library is reportedly immune to this vulnerability.

http://www.securityfocus.com/bid/12960/discussion/ or http://www.securityfocus.com/archive/1/394758

Leave a Reply