Bugtraq mailing list archives
Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
From: jf <jf () danglingpointers net>
Date: Sun, 18 Nov 2007 08:27:29 +0000 (UTC)
is it? If I recall correctly, the hexview advisory was the result of something like a word-to-byte truncation followed by a byte sign-extension (but it's been long enough that I may be misremembering it).

In this advisory it was not entirely clear what the condition was; from what I remember reading of it the other day, it didn't get into how/why, it just like used ecx or a register as a counter but didn't show how it came to that value?

What's interesting is that the hexview patching the bug itself is trivial from the assembly (not taking into account the work encountered from bin patching itself), and I know many organizations attempted to put a lot of pressure to get it patched and failed to do so.

On Sun, 18 Nov 2007, Juha-Matti Laurio wrote:
Date: Sun, 18 Nov 2007 01:58:02 +0200 (EET)
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
To: CaseArmour.net Security Administrator <security () casearmour net>, bugtraq () securityfocus com, frankruder () hotmail com, full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

There is a well-known unpatched code execution type vulnerability reported originally in msjet40.dll version 4.00.8618.0 too. This issue reported by HexView is known since March 2005:
http://www.securityfocus.com/bid/12960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0944

We probably don't see a fix for this issue.

- Juha-Matti

"CaseArmour.net Security Administrator" <security () casearmour net> wrote:
It would be useful to know if this is also an issue with msjet40.dll 4.0.9510.0 (Windows Server 2003 SP2 + hotfixes). I have an installer for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003 SP2's MDAC 2.82. I haven't been able to give it a serious, hard testing because I don't have many apps that still use MDAC.

On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder () gmail com> said:
(C:\Windows\System32\msjet40.dll, version is 4.0.8618.0)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/