CERT VU#740716
History: Apr 13, 2004 - 12:00 a.m.

Microsoft Jet Database Engine database request handling buffer overflow

2004-04-13 00:00:00
www.kb.cert.org

EPSS: 0.1 Low

Percentile: 94.9%

Overview

The Microsoft Jet Database Engine (Jet) provides data access functionality to a number of other Microsoft applications and many third-party applications. A buffer overflow vulnerability exists in the Jet Database Engine that could allow a remote attacker to execute code of their choosing on an affected system.

Description

A buffer overflow error exists in the way that a database request is processed by the Microsoft Jet Database Engine. This error results in a vulnerability that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by creating a specially crafted database query and sending it through an application that is using Jet on an affected system.


Impact

A remote attacker can execute arbitrary code of their choosing with the same privileges as the user context of the application using the Jet Database Engine. The attacker may be able to leverage these privileges to take complete control of an affected system. Microsoft lists secondary impacts including, but not limited to, installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.


Solution

Apply a patch from the vendor

Microsoft, Inc. has published Microsoft Security Bulletin MS04-014 in response to this issue. Users are strongly encouraged to review this bulletin and apply the patches it refers to.


Vendor Information


Microsoft Corporation: Affected

Updated: April 13, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft, Inc. has published Microsoft Security Bulletin MS04-014 in response to this issue. Users are strongly encouraged to review this bulletin and apply the patches it refers to.



References

<http://www.microsoft.com/technet/security/bulletin/ms04-014.mspx>

Acknowledgements

Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits Matt Thompson of Aberdeen IT for reporting this vulnerability to them.

This document was written by Chad R Dougherty based on information provided in Microsoft Security Bulletin MS04-014.

Other Information

CVE IDs: CVE-2004-0197
Severity Metric: 12.83
Date Public:
