• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft SQL Server JET Database Engine 4.0 Buffer Overrun Vulnerability

Bugtraq ID:	7541
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	May 09 2003 12:00AM
Updated:	May 09 2003 12:00AM
Credit:	Discovery is credited to "Cesar" <sqlsec@yahoo.com>.
Vulnerable:	Microsoft SQL Server 2000 SP3 Microsoft SQL Server 2000 SP2 Microsoft SQL Server 2000 SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 Microsoft SQL Server 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 Microsoft SQL Server 7.0 SP4 - Microsoft SQL Server 7.0 - Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 SP3 - Microsoft SQL Server 7.0 - Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 SP2 - Microsoft SQL Server 7.0 - Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 SP1 - Microsoft SQL Server 7.0 - Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 - Microsoft BackOffice 4.5 - Microsoft BackOffice 4.5 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 Microsoft JET 4.0 SP6 Microsoft JET 4.0 SP5 Microsoft JET 4.0 SP4 Microsoft JET 4.0 SP3 Microsoft JET 4.0 SP2 Microsoft JET 4.0 SP1 Microsoft JET 4.0 + Microsoft Access 2000 + Microsoft Access 2000 Microsoft Data Engine 2000 + Akiva WebBoard 6.1 + BindView bv-Admin for Microsoft Exchange + BindView bv-Admin for Windows 7.0 + BindView bv-Admin for Windows Migration + BindView bv-control for Active Directory 7.0.2 + BindView bv-Control for Internet Security 7.0.1 + BindView bv-Control for Microsoft Exchange 7.0 + BindView bv-Control for Microsoft SQL Server 7.0.1 + BindView bv-Control for Microsoft SQL Server 7.0 + BindView bv-Control for Windows 7.0.2 + CARI-RUSCO Secure Perfect 3.0 + CCH Equity Compliance Insider Reporting Module + Collins Medical Plus 2000 + Computer Associates Unicenter + Computer Associates Unicenter RC/Update 6.1 + Computer Associates Unicenter RC/Update 6.0 + CSIRO BioLink Software 1.5 + DATA.TXT Corporation Time Matters 4.0 + DATA.TXT Corporation Time Matters 3.0 + Dell OpenManage IT Assistant 6.0 + Dell OpenManage IT Assistant 5.0 + Express Metrix Express Software Manager 6.0.2 + Express Metrix Express Software Manager 6.0.1 + Express Metrix Express Software Manager 6.0 + Express Metrix Express Software Manager 5.0 + Fluke Networks Optiview Network Inspector 5.0 + GOST 34.19-2001 Standard Implementation 1.1 + GOST 34.19-2001 Standard Implementation 1.0 SP1 + GOST 34.19-2001 Standard Implementation 1.0 + HP Openview Internet Services 4.5 + HP Openview Internet Services 4.0 + HP Openview Operations for Windows 7.1 + HP Openview Operations for Windows 7.0 + HP Openview Operations for Windows 6.0 + HP Openview Reporter 3.0 + HP Openview Reporter 2.0.2 + ISI Infortel for Windows 5.4 + ISI Infortel for Windows 5.2 + ISI Infortel for Windows 5.1 + ISI Infortel for Windows 4.0 + Journyx Timesheet 5.0 + Journyx Timesheet 4.6 + Journyx Timesheet 4.5 m3 + Journyx Timesheet 4.5 m2 + Journyx Timesheet 4.5 + Journyx Timesheet 2.0 + Microsoft .NET Framework SDK 1.0 + Microsoft Application Center 2000 + Microsoft Biztalk Server 2002 Partner Edition 0 + Microsoft FrontPage 2000 Server Extensions SR 1.3 + Microsoft FrontPage 2000 Server Extensions SR 1.2 + Microsoft FrontPage 2000 Server Extensions SR 1.1 + Microsoft FrontPage 2000 Server Extensions SR 1.0 + Microsoft Great Plains 5.5.1 + Microsoft Great Plains 7.0 + Microsoft Great Plains 5.5 + Microsoft Great Plains 5.0 + Microsoft Office 2000 SP2 + Microsoft Office 2000 SP1 + Microsoft Office 2000 + Microsoft Office 2000 Chinese Version + Microsoft Office 2000 Japanese Version + Microsoft Office 2000 Korean Version + Microsoft Office XP SP1 + Microsoft Office XP + Microsoft Office XP Developer Edition + Microsoft Project Central Server + Microsoft SharePoint Portal Server 2001 SP1 + Microsoft SharePoint Portal Server 2001 + Microsoft SharePoint Team Services from Microsoft + Microsoft SQL Server 2000 SP3 + Microsoft SQL Server 2000 SP2 + Microsoft SQL Server 2000 SP1 + Microsoft SQL Server 2000 + Microsoft Visio 2000 Enterprise Edition + Microsoft Visio Enterprise Network Tools + Microsoft Visual FoxPro 7.0 SP1 + Microsoft Visual FoxPro 7.0 + Microsoft Visual FoxPro 6.0 + Microsoft Visual Studio .NET Academic Edition 0 + Microsoft Visual Studio .NET Enterprise Architect Edition + Microsoft Visual Studio .NET Enterprise Developer Edition + Microsoft Visual Studio .NET Professional Edition + Microsoft Visual Studio .NET Trial Edition 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows XP Embedded SP1 + Microsoft Windows XP Embedded + MIP NonProfit Series Pro 4.5 + MIP NonProfit Series Pro 4.4 + MIP NonProfit Series Pro 4.3 + NetSupport NetSupport TCO 4.5.1 + NetSupport NetSupport TCO 4.5 + Network Associates SupportMagic SQL 4.5 + Okena StormWatch + Peachtree Software Timeslips 11.0 + Peachtree Software Timeslips 10.0 + Peachtree Software Timeslips 9.0 + Peachtree Software Timeslips 9.0 + Peachtree Software Timeslips 8.0 + Peachtree Software Timeslips 7.0 + Peachtree Software Timeslips 6.0 + QiNetix CommVault Galaxy 4.0.1 + SalesLogix Corporation SalesLogix 2000.0 + SmartMax Software MailMax 5.0 + TeleStream FlipFactory 3.0 + TeleStream FlipFactory 2.0 + TeleStream FlipFactory 1.2 + Veritas Software Backup Exec for Windows Servers 9.0 + VIGILANTe SecureScan NX 2.5 + Visionary Systems Firehouse Software 5.4 + Visionary Systems Firehouse Software 5.0.2 5 + Visionary Systems Firehouse Software 5.0 + Visionary Systems Firehouse Software 3.0.5 + Wonderware InTouch 7.11 + Xerox CentreWare Web 1.0 Microsoft Data Engine (MSDE) 1.0 + Affymetrix Microarray Suite Software 5.0.1 + Affymetrix Microarray Suite Software 5.0.1 + Affymetrix Microarray Suite Software 5.0.1 + Affymetrix Microarray Suite Software 5.0 + Affymetrix Microarray Suite Software 5.0 + Affymetrix Microarray Suite Software 5.0 + Altiris Deployment Server 5.5 + Altiris Deployment Server 5.5 + Altiris Deployment Server 5.5 + Altiris Deployment Server 5.0.1 + Altiris Deployment Server 5.0.1 + Altiris Deployment Server 5.0.1 + Centennial UK Ltd Centennial Discovery 4.4 + Centennial UK Ltd Centennial Discovery 4.4 + Centennial UK Ltd Centennial Discovery 4.4 + Compaq Insight Manager 7.0 SP1 + Compaq Insight Manager 7.0 SP1 + Compaq Insight Manager 7.0 SP1 + Compaq Insight Manager 7.0 + Compaq Insight Manager 7.0 + Compaq Insight Manager 7.0 + Gerber Technology WebPDM 3.9 + Gerber Technology WebPDM 3.9 + Gerber Technology WebPDM 3.9 + McAfee ePolicy Orchestrator 2.5 SP1 + McAfee ePolicy Orchestrator 2.5 SP1 + McAfee ePolicy Orchestrator 2.5 SP1 + McAfee ePolicy Orchestrator 2.5 + McAfee ePolicy Orchestrator 2.5 + McAfee ePolicy Orchestrator 2.5 + McAfee ePolicy Orchestrator 2.0 + McAfee ePolicy Orchestrator 2.0 + McAfee ePolicy Orchestrator 2.0 + McAfee ePolicy Orchestrator 1.1 + McAfee ePolicy Orchestrator 1.1 + McAfee ePolicy Orchestrator 1.1 + McAfee ePolicy Orchestrator 1.0 + McAfee ePolicy Orchestrator 1.0 + McAfee ePolicy Orchestrator 1.0 - Microsoft Access 2000 - Microsoft Access 2000 - Microsoft Access 2000 - Microsoft Project Central Server - Microsoft Project Central Server - Microsoft Project Central Server + Microsoft SharePoint Team Services from Microsoft + Microsoft SharePoint Team Services from Microsoft + Microsoft SharePoint Team Services from Microsoft - Microsoft Visual Studio 6.0 - Microsoft Visual Studio 6.0 - Microsoft Visual Studio 6.0 + PowerQuest ControlCenter ST 2.0 + PowerQuest ControlCenter ST 2.0 + PowerQuest ControlCenter ST 2.0 + PPM 2000 Incident Reporting and Investigation Management 5.1 + PPM 2000 Incident Reporting and Investigation Management 5.1 + PPM 2000 Incident Reporting and Investigation Management 5.1 + Research In Motion Blackberry Enterprise Server 2.0 .0.65 + Research In Motion Blackberry Enterprise Server 2.0 .0.65 + Research In Motion Blackberry Enterprise Server 2.0 .0.65 + Trend Micro Control Manager 2.5 + Trend Micro Control Manager 2.5 + Trend Micro Control Manager 2.5 + Trend Micro Damage Cleanup Server 1.0 + Trend Micro Damage Cleanup Server 1.0 + Trend Micro Damage Cleanup Server 1.0 + Vital Processing Services LLC POS-partner 2000 5.0.13 + Vital Processing Services LLC POS-partner 2000 5.0.13 + Vital Processing Services LLC POS-partner 2000 5.0.13 + Vital Processing Services LLC POS-partner 2000 4.1.11 + Vital Processing Services LLC POS-partner 2000 4.1.11 + Vital Processing Services LLC POS-partner 2000 4.1.11 + Websense Reporter 6.3.1 + Websense Reporter 6.3.1 + Websense Reporter 6.3.1
Not Vulnerable:	Microsoft JET 4.0 SP7