cvelistv5 - cve-2007-6026

CVE-2007-6026 (GCVE-0-2007-6026)

Vulnerability from cvelistv5 – Published: 2007-11-20 00:00 – Updated: 2024-08-07 15:54

Summary

Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://dvlabs.tippingpoint.com/advisory/TPTI-08-04	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/936529	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/483858/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/483888/100…	mailing-listx_refsource_BUGTRAQ
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://securityreason.com/securityalert/3376	third-party-advisoryx_refsource_SREASON
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/492019/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/28398	vdb-entryx_refsource_BID
	http://marc.info/?l=bugtraq&m=121129490723574&w=2	vendor-advisoryx_refsource_HP
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/bid/26468	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/483887/100…	mailing-listx_refsource_BUGTRAQ
	http://www.us-cert.gov/cas/techalerts/TA08-134A.html	third-party-advisoryx_refsource_CERT
	http://ruder.cdut.net/blogview.asp?logID=227	x_refsource_MISC
	http://www.securitytracker.com/id?1018976	vdb-entryx_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=121129490723574&w=2	vendor-advisoryx_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/483797/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04"
          },
          {
            "name": "VU#936529",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/936529"
          },
          {
            "name": "20071116 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483858/100/100/threaded"
          },
          {
            "name": "20071118 Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483888/100/100/threaded"
          },
          {
            "name": "MS08-028",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
          },
          {
            "name": "3376",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3376"
          },
          {
            "name": "oval:org.mitre.oval:def:5578",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578"
          },
          {
            "name": "20080513 TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492019/100/0/threaded"
          },
          {
            "name": "28398",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28398"
          },
          {
            "name": "SSRT080071",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
          },
          {
            "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html"
          },
          {
            "name": "26468",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26468"
          },
          {
            "name": "20071117 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483887/100/100/threaded"
          },
          {
            "name": "TA08-134A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ruder.cdut.net/blogview.asp?logID=227"
          },
          {
            "name": "1018976",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018976"
          },
          {
            "name": "HPSBST02336",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
          },
          {
            "name": "microsoft-jet-engine-mdb-bo(38499)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38499"
          },
          {
            "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483797/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04"
        },
        {
          "name": "VU#936529",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/936529"
        },
        {
          "name": "20071116 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483858/100/100/threaded"
        },
        {
          "name": "20071118 Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483888/100/100/threaded"
        },
        {
          "name": "MS08-028",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
        },
        {
          "name": "3376",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3376"
        },
        {
          "name": "oval:org.mitre.oval:def:5578",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578"
        },
        {
          "name": "20080513 TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492019/100/0/threaded"
        },
        {
          "name": "28398",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28398"
        },
        {
          "name": "SSRT080071",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
        },
        {
          "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html"
        },
        {
          "name": "26468",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26468"
        },
        {
          "name": "20071117 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483887/100/100/threaded"
        },
        {
          "name": "TA08-134A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ruder.cdut.net/blogview.asp?logID=227"
        },
        {
          "name": "1018976",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018976"
        },
        {
          "name": "HPSBST02336",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
        },
        {
          "name": "microsoft-jet-engine-mdb-bo(38499)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38499"
        },
        {
          "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483797/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04"
            },
            {
              "name": "VU#936529",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/936529"
            },
            {
              "name": "20071116 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483858/100/100/threaded"
            },
            {
              "name": "20071118 Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483888/100/100/threaded"
            },
            {
              "name": "MS08-028",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
            },
            {
              "name": "3376",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3376"
            },
            {
              "name": "oval:org.mitre.oval:def:5578",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578"
            },
            {
              "name": "20080513 TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492019/100/0/threaded"
            },
            {
              "name": "28398",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28398"
            },
            {
              "name": "SSRT080071",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
            },
            {
              "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html"
            },
            {
              "name": "26468",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26468"
            },
            {
              "name": "20071117 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483887/100/100/threaded"
            },
            {
              "name": "TA08-134A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
            },
            {
              "name": "http://ruder.cdut.net/blogview.asp?logID=227",
              "refsource": "MISC",
              "url": "http://ruder.cdut.net/blogview.asp?logID=227"
            },
            {
              "name": "1018976",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018976"
            },
            {
              "name": "HPSBST02336",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
            },
            {
              "name": "microsoft-jet-engine-mdb-bo(38499)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38499"
            },
            {
              "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483797/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6026",
    "datePublished": "2007-11-20T00:00:00",
    "dateReserved": "2007-11-19T00:00:00",
    "dateUpdated": "2024-08-07T15:54:26.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:jet:4.0.8618.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CDE7537-9B00-4699-81DD-46F4470F701B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E53CDA8E-50A8-4509-B070-CCA5604FFB21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento del b\\u00fafer en la regi\\u00f3n stack de la memoria en Microsoft msjet40.dll versi\\u00f3n 4.0.8618.0 (tambi\\u00e9n se conoce como Microsoft Jet Engine), como es usado por Access 2003 en Microsoft Office 2003 SP3, permite a atacantes asistidos por el usuario ejecutar c\\u00f3digo arbitrario por medio de un archivo de base de datos de archivos MDB que contiene una estructura de columnas con un conteo de columnas modificado. NOTA: este podr\\u00eda ser el mismo problema que CVE-2005-0944.\"}]",
      "id": "CVE-2007-6026",
      "lastModified": "2024-11-21T00:39:12.190",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-11-20T00:46:00.000",
      "references": "[{\"url\": \"http://dvlabs.tippingpoint.com/advisory/TPTI-08-04\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ruder.cdut.net/blogview.asp?logID=227\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3376\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/936529\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/483797/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/483858/100/100/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/483887/100/100/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/483888/100/100/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/492019/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26468\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28398\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018976\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-134A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38499\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://dvlabs.tippingpoint.com/advisory/TPTI-08-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ruder.cdut.net/blogview.asp?logID=227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3376\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/936529\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/483797/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/483858/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/483887/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/483888/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/492019/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26468\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28398\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018976\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-134A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38499\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6026\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-11-20T00:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en Microsoft msjet40.dll versi\u00f3n 4.0.8618.0 (tambi\u00e9n se conoce como Microsoft Jet Engine), como es usado por Access 2003 en Microsoft Office 2003 SP3, permite a atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de un archivo de base de datos de archivos MDB que contiene una estructura de columnas con un conteo de columnas modificado. NOTA: este podr\u00eda ser el mismo problema que CVE-2005-0944.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:jet:4.0.8618.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CDE7537-9B00-4699-81DD-46F4470F701B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E53CDA8E-50A8-4509-B070-CCA5604FFB21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}]}],\"references\":[{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-08-04\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ruder.cdut.net/blogview.asp?logID=227\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3376\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/936529\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/483797/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/483858/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/483887/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/483888/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/492019/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26468\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28398\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018976\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-134A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38499\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-08-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ruder.cdut.net/blogview.asp?logID=227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/936529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/483797/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/483858/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/483887/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/483888/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/492019/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28398\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-134A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38499\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-244

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Microsoft Jet Database Engine permet à un utilisateur malintentionné d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité de type débordement de mémoire affecte Microsoft Jet Database Engine. Son exploitation permet à une personne malintentionnée d'exécuter du code arbitraire à distance avec les droits de l'utilisateur.

La vulnérabilité peut être exploitée par le biais d'un fichier au format Word (.doc) qui appelle un fichier de base de données (.mdb) spécifiquement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows XP service pack 2 et XP professionnal x64 Edition ;
Microsoft	Windows	Windows 2000 service pack 4 ;
Microsoft	Windows	Windows Server 2003 service pack 1, 2003 x64 Edition et 2003 service pack 1 pour Itanium.

References

Title

Publication Time

Tags

Bulletin Microsoft MS08-028 du 13 mai 2008	None	vendor-advisory
Document du CERTA CERTA-2008-ALE-005 du 26 mars 2008 :	-	other
Bulletin de sécurité Microsoft MS08-028 du 13 mai 2008 :	-	other
Bulletin de sécurité Microsoft MS08-028 du 13 mai 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows XP service pack 2 et XP professionnal x64 Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 2000 service pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 service pack 1, 2003 x64 Edition et 2003 service pack 1 pour Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire affecte Microsoft Jet\nDatabase Engine. Son exploitation permet \u00e0 une personne malintentionn\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance avec les droits de\nl\u0027utilisateur.\n\nLa vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par le biais d\u0027un fichier au format\nWord (.doc) qui appelle un fichier de base de donn\u00e9es (.mdb)\nsp\u00e9cifiquement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6026"
    }
  ],
  "links": [
    {
      "title": "Document du CERTA CERTA-2008-ALE-005 du 26 mars 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-005/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-028 du 13 mai 2008 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-028.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-028 du 13 mai 2008 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS08-028.mspx"
    }
  ],
  "reference": "CERTA-2008-AVI-244",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eMicrosoft\u003c/span\u003e Jet\nDatabase Engine permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Jet Database Engine",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Microsoft MS08-028 du 13 mai 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-244

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Microsoft Jet Database Engine permet à un utilisateur malintentionné d'exécuter du code arbitraire à distance.

Description

La vulnérabilité peut être exploitée par le biais d'un fichier au format Word (.doc) qui appelle un fichier de base de données (.mdb) spécifiquement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows XP service pack 2 et XP professionnal x64 Edition ;
Microsoft	Windows	Windows 2000 service pack 4 ;
Microsoft	Windows	Windows Server 2003 service pack 1, 2003 x64 Edition et 2003 service pack 1 pour Itanium.

References

Title

Publication Time

Tags

Bulletin Microsoft MS08-028 du 13 mai 2008	None	vendor-advisory
Document du CERTA CERTA-2008-ALE-005 du 26 mars 2008 :	-	other
Bulletin de sécurité Microsoft MS08-028 du 13 mai 2008 :	-	other
Bulletin de sécurité Microsoft MS08-028 du 13 mai 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows XP service pack 2 et XP professionnal x64 Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 2000 service pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 service pack 1, 2003 x64 Edition et 2003 service pack 1 pour Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire affecte Microsoft Jet\nDatabase Engine. Son exploitation permet \u00e0 une personne malintentionn\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance avec les droits de\nl\u0027utilisateur.\n\nLa vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par le biais d\u0027un fichier au format\nWord (.doc) qui appelle un fichier de base de donn\u00e9es (.mdb)\nsp\u00e9cifiquement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6026"
    }
  ],
  "links": [
    {
      "title": "Document du CERTA CERTA-2008-ALE-005 du 26 mars 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-005/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-028 du 13 mai 2008 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-028.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-028 du 13 mai 2008 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS08-028.mspx"
    }
  ],
  "reference": "CERTA-2008-AVI-244",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eMicrosoft\u003c/span\u003e Jet\nDatabase Engine permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Jet Database Engine",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Microsoft MS08-028 du 13 mai 2008",
      "url": null
    }
  ]
}

GHSA-2R22-4XGM-WJG8

Vulnerability from github – Published: 2022-05-01 18:39 – Updated: 2022-05-01 18:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-20T00:46:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944.",
  "id": "GHSA-2r22-4xgm-wjg8",
  "modified": "2022-05-01T18:39:03Z",
  "published": "2022-05-01T18:39:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6026"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38499"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578"
    },
    {
      "type": "WEB",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://ruder.cdut.net/blogview.asp?logID=227"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3376"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/936529"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/483797/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/483858/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/483887/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/483888/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492019/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26468"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28398"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018976"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-6026

Vulnerability from fkie_nvd - Published: 2007-11-20 00:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://dvlabs.tippingpoint.com/advisory/TPTI-08-04
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=121129490723574&w=2
cve@mitre.org	http://ruder.cdut.net/blogview.asp?logID=227
cve@mitre.org	http://securityreason.com/securityalert/3376
cve@mitre.org	http://www.kb.cert.org/vuls/id/936529	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/483797/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/483858/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/483887/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/483888/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/492019/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26468
cve@mitre.org	http://www.securityfocus.com/bid/28398
cve@mitre.org	http://www.securitytracker.com/id?1018976
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-134A.html	US Government Resource
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38499
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578
af854a3a-2127-422b-91ae-364da2661108	http://dvlabs.tippingpoint.com/advisory/TPTI-08-04
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=121129490723574&w=2
af854a3a-2127-422b-91ae-364da2661108	http://ruder.cdut.net/blogview.asp?logID=227
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3376
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/936529	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/483797/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/483858/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/483887/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/483888/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492019/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26468
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28398
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018976
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-134A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38499
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578

Impacted products

Vendor	Product	Version
microsoft	jet	4.0.8618.0
microsoft	office	2003
microsoft	windows_2000	*
microsoft	windows_2003_server	*
microsoft	windows_nt	4.0
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:jet:4.0.8618.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDE7537-9B00-4699-81DD-46F4470F701B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en Microsoft msjet40.dll versi\u00f3n 4.0.8618.0 (tambi\u00e9n se conoce como Microsoft Jet Engine), como es usado por Access 2003 en Microsoft Office 2003 SP3, permite a atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de un archivo de base de datos de archivos MDB que contiene una estructura de columnas con un conteo de columnas modificado. NOTA: este podr\u00eda ser el mismo problema que CVE-2005-0944."
    }
  ],
  "id": "CVE-2007-6026",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-11-20T00:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://ruder.cdut.net/blogview.asp?logID=227"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3376"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/936529"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/483797/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/483858/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/483887/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/483888/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/492019/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26468"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28398"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018976"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38499"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ruder.cdut.net/blogview.asp?logID=227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/936529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/483797/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/483858/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/483887/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/483888/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492019/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38499"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-6026

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-6026

Aliases

CVE-2007-6026

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6026",
    "description": "Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944.",
    "id": "GSD-2007-6026"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6026"
      ],
      "details": "Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944.",
      "id": "GSD-2007-6026",
      "modified": "2023-12-13T01:21:38.718681Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6026",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04",
            "refsource": "MISC",
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04"
          },
          {
            "name": "VU#936529",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/936529"
          },
          {
            "name": "20071116 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/483858/100/100/threaded"
          },
          {
            "name": "20071118 Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/483888/100/100/threaded"
          },
          {
            "name": "MS08-028",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
          },
          {
            "name": "3376",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3376"
          },
          {
            "name": "oval:org.mitre.oval:def:5578",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578"
          },
          {
            "name": "20080513 TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492019/100/0/threaded"
          },
          {
            "name": "28398",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28398"
          },
          {
            "name": "SSRT080071",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
          },
          {
            "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html"
          },
          {
            "name": "26468",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26468"
          },
          {
            "name": "20071117 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/483887/100/100/threaded"
          },
          {
            "name": "TA08-134A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
          },
          {
            "name": "http://ruder.cdut.net/blogview.asp?logID=227",
            "refsource": "MISC",
            "url": "http://ruder.cdut.net/blogview.asp?logID=227"
          },
          {
            "name": "1018976",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018976"
          },
          {
            "name": "HPSBST02336",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
          },
          {
            "name": "microsoft-jet-engine-mdb-bo(38499)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38499"
          },
          {
            "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/483797/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:jet:4.0.8618.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6026"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.  NOTE: this might be the same issue as CVE-2005-0944."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html"
            },
            {
              "name": "http://ruder.cdut.net/blogview.asp?logID=227",
              "refsource": "MISC",
              "tags": [],
              "url": "http://ruder.cdut.net/blogview.asp?logID=227"
            },
            {
              "name": "26468",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26468"
            },
            {
              "name": "1018976",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018976"
            },
            {
              "name": "3376",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3376"
            },
            {
              "name": "VU#936529",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/936529"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04",
              "refsource": "MISC",
              "tags": [],
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-04"
            },
            {
              "name": "TA08-134A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
            },
            {
              "name": "28398",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28398"
            },
            {
              "name": "SSRT080071",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
            },
            {
              "name": "microsoft-jet-engine-mdb-bo(38499)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38499"
            },
            {
              "name": "oval:org.mitre.oval:def:5578",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578"
            },
            {
              "name": "MS08-028",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
            },
            {
              "name": "20080513 TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492019/100/0/threaded"
            },
            {
              "name": "20071118 Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/483888/100/100/threaded"
            },
            {
              "name": "20071117 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/483887/100/100/threaded"
            },
            {
              "name": "20071116 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/483858/100/100/threaded"
            },
            {
              "name": "20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/483797/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:49Z",
      "publishedDate": "2007-11-20T00:46Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6026 (GCVE-0-2007-6026)

CERTA-2008-AVI-244

Description

Solution

CERTA-2008-AVI-244

Description

Solution

GHSA-2R22-4XGM-WJG8

FKIE_CVE-2007-6026

GSD-2007-6026

Tags

Sightings

Nomenclature