[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Date: Thu, 31 Mar 2005 16:53:03 -0800

How is this a high-level vulnerability when a user must launch the file, simply resulting in possible code execution within that user's interactive credentials? If you're going to get them to launch a file, why not code up a nice juicy .exe for them and not bother with the other stuff?

Or even better, since it's an MDB file, code it up in an Access module- that way it won't even throw an exception.

A bug, yes- a security vulnerability, no.

----- Original Message ----- From: <vuln@xxxxxxxxxxx> To: <full-disclosure@xxxxxxxxxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx> Sent: Thursday, March 31, 2005 1:53 PM Subject: [HV-HIGH] Microsoft Jet DB engine vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Microsoft Jet DB engine vulnerabilities

Classification:
===============
Level: low-med-[HIGH]-crit
ID: HEXVIEW*2005*03*31*1
URL: http://www.hexview.com/docs/20050331-1.txt

Follow-Ups:
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
  - From: Denis Jedig

References:
- [HV-HIGH] Microsoft Jet DB engine vulnerabilities
  - From: vuln

Prev by Date: Re: cPanel/WHM demo account problems
Next by Date: Buffer Overflow within the RUMBA product
Previous by thread: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
Next by thread: Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
Index(es):
- Date
- Thread