Release DateJan 23, 2008 |
Severitycritical |
ImpactSystem Compromise: remote code execution. |
DescriptionThis indicates an attempt to exploit one of several stack based buffer overflow vulnerabilities in the Microsoft Jet engine.The vulnerabilities are in msjet40.dll (4.0.8618.0). They result from the application's failure to bounds check user supplied input. As a result a remote attacker may be able to execute arbitrary code via a crafted MDB file. |
Affected ProductsMicrosoft JET 4.0 SP7Microsoft JET 4.0 SP6 Microsoft JET 4.0 SP5 Microsoft JET 4.0 SP4 Microsoft JET 4.0 SP3 Microsoft JET 4.0 SP2 Microsoft JET 4.0 SP1 Microsoft JET 4.0 Microsoft Access 2000 Microsoft JET 3.51 SP3 Microsoft JET 3.51 Microsoft Excel 95 Microsoft Excel 97 Microsoft JET 3.5 Microsoft Access 95 Microsoft Access 97 Microsoft JET 3.0 Microsoft Access 95 Microsoft JET 2.5 Microsoft Access 2.0 SP1 Microsoft JET 2.0 Microsoft Access 2.0 Microsoft Access 2003 Microsoft Access 2002 SP2 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 98 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Access 2002 SP1 Microsoft Access 2002 Microsoft Office XP Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Microsoft Windows 2000 Terminal Services SP2 Microsoft Windows 2000 Terminal Services SP1 Microsoft Windows 2000 Terminal Services Microsoft Windows 98 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Enterprise Server 4.0 SP6 Microsoft Windows NT Server 4.0 SP6a Microsoft Windows NT Server 4.0 SP6 Microsoft Windows NT Terminal Server 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows XP Home Microsoft Windows XP Professional Microsoft Access 2000 SR1 Microsoft Access 2000 SP3 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 98 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Access 2000 SP2 Microsoft Access 2000 Microsoft Office 2000 Microsoft Windows 2000 Professional Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows NT 4.0 |
Recommended ActionsCurrently we are not aware of any vendor supplied patches for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-1092CVE-2007-6026 |
Reference/shttp://www.microsoft.com/technet/security/Bulletin/ms08-028.mspx (MS-ID)http://www.securityfocus.com/bid/28398 (BugTraq) http://dvlabs.tippingpoint.com/advisory/TPTI-08-04 http://www.securityfocus.com/bid/26468 (BugTraq) |
