Threat Encyclopedia

MS.JET.Database.File.Code.Execution

description-logoDescription

This indicates a possible exploit of a buffer overflow vulnerability in the Microsoft JET database engine.
The Jet Database Engine (Msjet40.dll) is a relational database engine that handles database processing for Microsoft office applications. A buffer overflow vulnerability is reported in it that may allow an attacker to execute arbitrary code on vulnerable client systems. This is possible because the Jet engine (msjetoledb40.dll) fails to properly validate data in .mdb files while parsing them. An attacker may a send malformed .mdb file to a victim via email or web link. Once the malformed database file is opened, arbitrary code embedded in it will be able to run on the exploited system leading to unauthorized access. User interaction may be required to open the .mdb file from web browser software.

affected-products-logoAffected Products

Microsoft JET 4.0 SP7 and earlier versions.

Impact

System compromise: remote code execution.

recomended-action-logoRecommended Actions

Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version if available.