Microsoft Jet Database Engine Malformed Database File Buffer Overflow Vulnerability

Microsoft Jet Database Engine is vulnerable to a buffer-overflow vulnerability because the library fails to properly bounds-check the contents of user-supplied database files.

Attackers may exploit this vulnerability to execute arbitrary machine code in the context of the victim trying to access a malicious Jet database file.

This vulnerability is reported to reside in the 'msjet40.dll' library, version 4.00.8618.0. Older versions may also be affected. The 'msjetole40.dll' OLE (Object Linking and Embedding) library is reportedly immune to this vulnerability.

The Backdoor.Hesive trojan is reported to employ this vulnerability to install itself on vulnerable computers. Please see the web reference for more information.


 

Privacy Statement
Copyright 2010, SecurityFocus