Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
BID:105376
Info
Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
| Bugtraq ID: | 105376 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 20 2018 12:00AM |
| Updated: | Sep 20 2018 12:00AM |
| Credit: | Lucas Leong (@_wmliang_) of Trend Micro Security Research |
| Vulnerable: |
Microsoft Windows 7 0 |
| Not Vulnerable: | |
Discussion
Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the current process. Failed attacks will cause denial-of-service conditions.
Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the current process. Failed attacks will cause denial-of-service conditions.
Exploit / POC
Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
Solution / Fix
Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
References:
References:
- Microsoft Homepage (Microsoft)
- (0Day) Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Exe (Zero Day Initiative)
- ZDI-CAN-6135: A REMOTE CODE EXECUTION VULNERABILITY IN THE MICROSOFT WINDOWS (Zero Day Initiative)