Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!
Register | Login
RIAA News
Cool Stuff
MPAA News
Games / Consoles
News
Music
Movies
TV
Open Source
Mobiles
Advertising
Product News
P2P
Off Topic
Freedom
Politics
Interviews
Security
DRM
Links
Kids and Kartels
Search: 
Search
 
Web P2PNET   
   Search: 
Search
Torrent Site Tracker
Teksavvy
 
Add real-time p2pnet headlines to YOUR site ! Click here to download our newsfeed code
p2pnet - rss feed: http://p2pnet.net/p2p.rss | p2pnet celebrities: http://p2pnet.net/celeb.rss | Mobile? http://p2pnet.net/index-wml.php

Highly Critical MS Jet flaw

p2pnet.net News:- HexView has released details about a Highly Critical vulnerability in the Microsoft Jet Database Engine which could be exploited by hackers to compromise a vulnerable system.

"Microsoft Jet database is a lightweight database widely used by MS Office applications. msjet40.dll is the main component of the Microsoft Jet database engine which evaluates and carries out requests for data," it says. "The library handles reading and writing of the data for Microsoft Access databases.

"HexView noticed multiple occurrences where file data was not validated or improperly validated leading to system crashes, null pointer memory access conditions, and arbitrary code execution. This advisory is focused on just one vulnerability that we confirmed to be exploitable."

Exploit code has already been posted to a public mailing list but Microsoft didn’t include a patch in its latest security updates, reports Secunia.

With this in mind, “Users are therefore recommended not to open untrusted ‘.mdb’ database files,” it says.

The vulnerability is caused due to a memory handling error which can be exploited to execute arbitrary code by tricking a user into opening a specially crafted ".mdb" file in Microsoft Access, says Secunia.

Affected operating systems include:

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

Affected Software includes:

  • Microsoft Access 2000
  • Microsoft Access 2002
  • Microsoft Access 2003
  • Microsoft Office 2000
  • Microsoft Office 2003 Professional Edition
  • Microsoft Office 2003 Small Business Edition
  • Microsoft Office 2003 Standard Edition

Something you think we should know? tips[at]p2pnet.net

See:-
HexView - Microsoft Jet DB engine vulnerabilities, HexView, April 12, 2005
security updates - MS ‘critical flaw’ updates, p2pnet, April 13, 2005
Secunia - Microsoft Jet Database Engine Database File Parsing Vulnerability, April 12, 2005

This entry was posted on Thursday, April 14th, 2005 at 4:30 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 2110 times

« previous 1st PyMusique, now Musik
Ripping from the radio: II next »

Leave a Reply
    Advertisments
MP3rocket