Microsoft Jet Engine MDB file ColumnName buffer overflow

Added: 11/23/2007
CVE: CVE-2007-6026
BID: 26468
OSVDB: 44880

Background

The Microsoft Jet Database Engine provides data access functionality for a number of applications.

Problem

A buffer overflow vulnerability in the Microsoft Jet Database Engine could lead to command execution when a user opens an MDB file containing a large ColumnName length.

Resolution

Do not open MDB files from untrustworthy sources.

References

http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0392.html

Limitations

Exploit works on Microsoft Access 2000 SP3 and requires a user to download and open an MDB file in Microsoft Access.

Platforms

Windows

Back to exploit index