• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RETIRED: Microsoft Jet Database Engine MDB File Parsing Remote Code Execution Vulnerability

Microsoft Jet Database Engine is prone to a remote code-execution vulnerability.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running affected applications. Successful exploits will compromise the affected applications and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

This issue does not affect Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1as they run a non-vulnerable version of the Jet Database Engine.

This issue does affect Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

NOTE: This issue is a duplicate of the vulnerability discussed in BID 26468 (Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability).