• info
• discussion
• exploit
• solution
• references

Microsoft JET Database Engine VBA Vulnerability

This exploit uses an ASP sample page (catalog_type.asp). It lets you execute shell comands like the other scripts. It is an Active Server Page so it runs the query as a local user and doesn't need any type of Remote Data Service to access the DSN. It just requires the default DSN (advworks) set.

http: //server/AdvWorks/equipment/catalog_type.asp?ProductType=|shell("cmd+/c+dir+c:\")|

Scrippie <ronald@grafix.nl> has released the following exploit:

• /data/vulnerabilities/exploits/dsnhack.pl