[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing StackOverflow Vulnerability

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing StackOverflow Vulnerability
From: "Peter Ferrie" <pferrie@xxxxxxxxxxxx>
Date: Sat, 17 Nov 2007 11:19:27 -0700

>It would be useful to know if this is also an issue with msjet40.dll
>4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).

In any case, Microsoft will still say that it won't be fixed.
Their policy is apparently to just blacklist some file types and provide no 
fixes for them.  HLP, for example, has several arbitrary code execution vulns 
because of a bug in both decompression methods.  I reported them in April.  No 
planned fix for those either.
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
  - From: cocoruder
- Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
  - From: CaseArmour.net Security Administrator

Prev by Date: Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing StackOverflow Vulnerability
Next by Date: [Full-disclosure] [ MDKSA-2007:222 ] - Updated koffice packages fix vulnerabilities
Previous by thread: Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing StackOverflow Vulnerability
Next by thread: [Full-disclosure] AhnLab AntiVirus Remote Kernel Memory Corruption
Index(es):
- Date
- Thread