April 13, 2004
It has been reported that Microsoft Jet Database Engine (Jet) is prone to a remote code execution vulnerability that that may allow remote attackers to execute arbitrary code in order to gain unauthorized access to a vulnerable system. This issue presents itself when a specially crafted database query is sent by an attacker to be interpreted by Jet. A successful attack may allow the attacker to gain complete control of the affected system. Microsoft Jet Database Engine version 4.0 running on various Microsoft operating systems is reported to be vulnerable to this issue.
- Avaya DefinityOne Media Servers
- Avaya IP600 Media Servers
- Avaya S3400 Message Application Server
- Avaya S8100 Media Servers
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP 64-bit Edition SP1
- Microsoft Windows XP 64-bit Edition Version 2003
- Microsoft Windows XP 64-bit Edition Version 2003 SP1
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Professional SP1
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Network intrusion detection systems may highlight malicious or anomalous activity. IDS logs should be audited on a regular basis to detect exploitation attempts.
Use access control lists to enhance security.
Using database access control to limit access to the database may prevent against a successful attack. It should be noted that third party applications using Jet could be employed to launch a successful attack via techniques such as SQL Injection.
Avaya has released an advisory to announce that Avaya System Products shipping on Microsoft platforms are also affected by this vulnerability. Avaya advise that customers follow the Microsoft recommendations for the resolution of this issue. The aforementioned advisory can be viewed at the following location: http://support.avaya.com/japple/css/japple?temp.groupID=&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=161384&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate() Microsoft has released a security bulletin MS04-014 with fixes to address this issue. Please see the referenced bulletin for more information. Users are advised to consider the following requirements before installing the updates: -For Windows 2000, the security update requires Service Pack 2 (SP2), Service Pack 3 (SP3), or Service Pack 4 (SP4). -For Windows NT, the security update requires Windows NT Workstation 4.0 Service Pack 6a (SP6a), Windows NT Server 4.0 Service Pack 6a (SP6a), or Windows NT Server 4.0 Terminal Server Edition Service Pack 6 (SP6). US-CERT has released an advisory TA04-104A to address this and other issues. Please see the referenced advisory for more information. Microsoft has revised their security bulletin to provide updated fixes for localized versions of Microsoft Windows XP. This corrects an error with displaying localized Jet optional text error information. Please see the attached advisory for further information.
Discovery is credited to Matt Thompson of Aberdeen IT <http://www.aberdeenit.com/>.
© 1995- Symantec Corporation
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from email@example.com.
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, Symantec Security Response, and firstname.lastname@example.org are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.