Microsoft Jet Database Engine buffer overflow

2006-03-24T00:00:00
ID SAINT:DF7A795D94AA91CB1DA8D082663EA7E3
Type saint
Reporter SAINT Corporation
Modified 2006-03-24T00:00:00

Description

Added: 03/24/2006
CVE: CVE-2005-0944
BID: 12960
OSVDB: 15187

Background

The Microsoft Jet Database Engine provides data access functionality for a number of applications.

Problem

An input validation vulnerability in the Microsoft Jet Database Engine could lead to command execution when a user opens a specially crafted Microsoft Access file.

Resolution

Avoid opening Microsoft Access database files from untrusted sources.

References

<http://www.kb.cert.org/vuls/id/176380>

Limitations

Successful exploitation requires a user to download the exploit file and open it in Microsoft Access.

Platforms

Windows