Windows : Microsoft Bulletins : Microsoft Jet Database Engine Vulnerability (MS08-028)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.90024

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Jet Database Engine Vulnerability (MS08-028)

Resumen: The remote host is probably affected by the vulnerability described in; CVE-2007-6026.

Descripción: Summary:
The remote host is probably affected by the vulnerability described in
CVE-2007-6026.

Vulnerability Impact:
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0
(aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted
attackers to execute arbitrary code via a crafted MDB file database file containing a column structure
with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.

Solution:
All Users should upgrade to the latest version.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-6026
BugTraq ID: 26468
http://www.securityfocus.com/bid/26468
BugTraq ID: 28398
http://www.securityfocus.com/bid/28398
Bugtraq: 20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/483797/100/0/threaded
Bugtraq: 20071117 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/483858/100/100/threaded
http://www.securityfocus.com/archive/1/483887/100/100/threaded
Bugtraq: 20071118 Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/483888/100/100/threaded
Bugtraq: 20080513 TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/492019/100/0/threaded
Cert/CC Advisory: TA08-134A
http://www.us-cert.gov/cas/techalerts/TA08-134A.html
CERT/CC vulnerability note: VU#936529
http://www.kb.cert.org/vuls/id/936529
http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html
HPdes Security Advisory: HPSBST02336
http://marc.info/?l=bugtraq&m=121129490723574&w=2
HPdes Security Advisory: SSRT080071
http://dvlabs.tippingpoint.com/advisory/TPTI-08-04
http://ruder.cdut.net/blogview.asp?logID=227
Microsoft Security Bulletin: MS08-028
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578
http://www.securitytracker.com/id?1018976
http://securityreason.com/securityalert/3376
XForce ISS Database: microsoft-jet-engine-mdb-bo(38499)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38499

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.90024
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Jet Database Engine Vulnerability (MS08-028)
Resumen:	The remote host is probably affected by the vulnerability described in; CVE-2007-6026.
Descripción:	Summary: The remote host is probably affected by the vulnerability described in CVE-2007-6026. Vulnerability Impact: Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944. Solution: All Users should upgrade to the latest version. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6026 BugTraq ID: 26468 http://www.securityfocus.com/bid/26468 BugTraq ID: 28398 http://www.securityfocus.com/bid/28398 Bugtraq: 20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/483797/100/0/threaded Bugtraq: 20071117 Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/483858/100/100/threaded http://www.securityfocus.com/archive/1/483887/100/100/threaded Bugtraq: 20071118 Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/483888/100/100/threaded Bugtraq: 20080513 TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/492019/100/0/threaded Cert/CC Advisory: TA08-134A http://www.us-cert.gov/cas/techalerts/TA08-134A.html CERT/CC vulnerability note: VU#936529 http://www.kb.cert.org/vuls/id/936529 http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html HPdes Security Advisory: HPSBST02336 http://marc.info/?l=bugtraq&m=121129490723574&w=2 HPdes Security Advisory: SSRT080071 http://dvlabs.tippingpoint.com/advisory/TPTI-08-04 http://ruder.cdut.net/blogview.asp?logID=227 Microsoft Security Bulletin: MS08-028 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578 http://www.securitytracker.com/id?1018976 http://securityreason.com/securityalert/3376 XForce ISS Database: microsoft-jet-engine-mdb-bo(38499) https://exchange.xforce.ibmcloud.com/vulnerabilities/38499
Copyright	Copyright (C) 2008 Greenbone AG