Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 22nd, 2008

Word Vulnerability In Microsoft Jet Database

Microsoft has released a security advisory on a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word. In several recent attacks, exploits were crafted to attack the MS Jet Database vulnerability through Word. The Word documents are coded to reference Access database files regardless of their extension, which allows attackers to circumvent content filters that look for specific email attachment extensions.

This is a code execution vulnerability caused by a buffer overrun in msjet40.dll, the Microsoft Jet Database Engine. An attacker can exploit this vulnerability by convincing a user to open a Word file that is constructed to load a specially crafted database file using msjet40.dll. In a slightly different scenario, the user receives an email message with 2 attachments, one of which is a Word document. The email client saves the attachments to the same directory, and when the user opens the Word document, it in turn opens an Access database containing the exploit code. In another scenario, the attackers archive both the database and the Word document in a ZIP file, but the principle is the same.
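Because the database file can carry any extension, and can arrive inside a ZIP, a filter has to look at content rather than names. The following is an added example, not code from the advisory or from this site: it flags attachments and ZIP members that begin with the Jet `.mdb` header (the signature `Standard Jet DB` at offset 4, which comes from the publicly documented file format, not from this page). The function names and the sample attachments are constructed for illustration.

```python
import io
import zipfile

# Jet (.mdb) files begin with 00 01 00 00, then this ASCII signature at offset 4.
JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB\x00"


def is_jet_database(data: bytes) -> bool:
    """True if the content starts with the Jet header, whatever the file is named."""
    return data[:len(JET_MAGIC)] == JET_MAGIC


def find_jet_databases(name: str, data: bytes) -> list[str]:
    """Return the attachment name, or 'archive!member' names, holding a Jet database."""
    hits = []
    if is_jet_database(data):
        hits.append(name)
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                # Directories have no content; encrypted members cannot be read here.
                if member.is_dir() or member.flag_bits & 0x1:
                    continue
                with archive.open(member) as fh:
                    head = fh.read(len(JET_MAGIC))
                if is_jet_database(head):
                    hits.append(f"{name}!{member.filename}")
    return hits


def constructed_samples() -> dict[str, bytes]:
    """Constructed test data: a Jet header renamed .doc, plain text, and a ZIP of both."""
    fake_db = JET_MAGIC + b"\x00" * 64   # header only, not a real database
    text = b"quarterly report"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("report.doc", text)
        archive.writestr("data.txt", fake_db)
    return {"notes.doc": fake_db, "readme.txt": text, "bundle.zip": buf.getvalue()}


if __name__ == "__main__":
    for sample_name, sample_data in constructed_samples().items():
        found = find_jet_databases(sample_name, sample_data)
        print(sample_name, "->", found or "no Jet database found")
```

Encrypted ZIP members are skipped here without being inspected, so a mail gateway would need to handle those separately.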

If the version of Msjet40.dll is lower than 4.0.9505.0, you have a vulnerable version of the Microsoft Jet Database Engine.
Configurations vulnerable to these attacks: Microsoft Word 2000 SP3, Microsoft Word 2002 SP3, Microsoft Word 2003 SP2, Microsoft Word 2003 SP3, Microsoft Word 2007, and Microsoft Word 2007 SP1 on Microsoft Windows 2000, Windows XP, and Windows Server 2003 SP1.

Systems that are not vulnerable: Windows Server 2003 SP2, Windows Vista and Windows Vista SP1. Those systems include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue.

Recommendation: Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.
