1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. MS Jet Database Malformed MDB File

MS Jet Database Malformed MDB File

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in Microsoft Jet Database Engine which may result in remote code execution.

Additional Information

Microsoft Jet Database Engine (Jet) provides data access to various applications such as Microsoft Access, Microsoft Visual Basic, and third-party applications.

Jet is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data in 'msjet40.dll'. The vulnerability occurs when parsing the column structure contained in an MDB file. Specifically, When the application copies the column name into a insufficiently sized buffer, a stack overflow can occur.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

Note that MDB files are typically blocked by Outlook and Internet Explorer.

NOTE: Further details report that attackers are using malicious Word files to load specially crafted MDB files. Microsoft has released a knowledge base article (950627) documenting this attack vector.

Affected

  • This issue does not affect Windows Server 2003 Service Pack 2, Windows XP Service Pack 3, Windows XP x64 edition Server Pack 2, Windows Vista, Windows Vista Service Pack 1 and Windows Server 2008 because they run a version of the Jet Database Engine that isn't vulnerable.
  • This issue does affect Jet Database Engine, Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube