Microsoft Jet Database Engine (msjet40.dll) Remote Code Execution

Notification Type: IBM Internet Security Systems Protection Alert
Notification Date: May 13, 2008
Notification Version: 1.0
   
Name: Microsoft Jet Database Engine (msjet40.dll) Remote Code Execution
Public disclosure/
In the wild date:		 March 21, 2008 (vuln disclosure)
Aliases: MS08-028
CVE:

CVE-2007-6026 (formerly known as CVE-2008-1092)
Description: Microsoft Jet Database Engine (msjet40.dll) is vulnerable to a stack-based buffer overflow that could allow remote code execution.  An attacker could exploit this vulnerability by sending a malicious file as an email attachment or by hosting it on a Web site and persuading the victim to click a link.

 

ISS Coverage
Product Content Version
Proventia Network IDS
Proventia Network IPS
Proventia Network MFS
Proventia Server (Linux)
RealSecure Network
RealSecure Server Sensor		 28.050
Proventia Desktop
Proventia Server IPS (Windows)		 2190
Propagation Techniques ISS Protection Available

remote exploit

MDB_Jet_Engine_Stack_Overflow

April 9, 2008

Detailed Description
Business Impact: This vulnerability in the Microsoft Jet Database Engine (JET) was publicly disclosed in late March with reports of targeted exploitation. If a user opens a specially-crafted database file using Jet, it can result in remote code execution. While .mdb is on the Microsoft default unsafe file type list, a Jet database file can be opened from a Word document. Although no public proof of concept code has been published, X-Force considers this to be the most severe vulnerability in the May Microsoft patch release due to the active exploitation that has been seen in the wild.
CVSS Base Score: 9.3
  Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
Adjusted Temporal Score: 6.9
  Exploitability: Unproven
Remediation Level: Official-Fix
Report Confidence: Confirmed
Affected Products: For a full list of affected versions, see references below.
Technical Description:

Microsoft Jet Database Engine (msjet40.dll) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing an MDB file directly or an MDB file embedded in a Word document. By persuading a victim to open a malicious file, a remote attacker could cause the victim's application to crash or possibly execute arbitrary code on the victim's system with the privileges of the victim. An attacker could exploit this vulnerability by sending the malicious file as an email attachment or by hosting it on a Web site.

Remediation:

Patches are available for this issue. See References for details.

References
XFDB: http://xforce.iss.net/xforce/xfdb/41380
Microsoft: http://www.microsoft.com/technet/security/bulletin/ms08-028.mspx

Revision History
1.0 Initial publication.


About IBM Internet Security Systems
IBM Internet Security Systems is the trusted security advisor to thousands of the world's leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.