Lucene search

SAINT CorporationSAINT:FB6F5560A5BFD93AEB77EBAB6332D587

HistoryNov 23, 2007 - 12:00 a.m.

Microsoft Jet Engine MDB file ColumnName buffer overflow

2007-11-2300:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.842 High

EPSS

Percentile

98.5%

JSON

Added: 11/23/2007
CVE: CVE-2007-6026
BID: 26468
OSVDB: 44880

Background

The Microsoft Jet Database Engine provides data access functionality for a number of applications.

Problem

A buffer overflow vulnerability in the Microsoft Jet Database Engine could lead to command execution when a user opens an MDB file containing a large ColumnName length.

Resolution

Do not open MDB files from untrustworthy sources.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0392.html>

Limitations

Exploit works on Microsoft Access 2000 SP3 and requires a user to download and open an MDB file in Microsoft Access.

Platforms

Windows

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.842 High

EPSS

Percentile

98.5%

JSON

Related for SAINT:FB6F5560A5BFD93AEB77EBAB6332D587