Bugtraq mailing list archives
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
From: Denis Jedig <seclists () syneticon de>
Date: Sat, 02 Apr 2005 10:59:46 +0200
Thor (Hammer of God) wrote:
How is this a high-level vulnerability when a user must launch the file, simply resulting in possible code execution within that user's interactive credentials? If you're going to get them to launch a file, why not code up a nice juicy .exe for them and not bother with the other stuff?
The user is opening a data file, like he would open a JPEG image or a MP3 audio file. Since the rule of thumb is that data does not harm, only code does, it is a security vulnerability.
Or even better, since it's an MDB file, code it up in an Access module- that way it won't even throw an exception.
Newer Access versions throw a security warning if the VBA code is not signed and let the user disable VBA execution. The issue highlighted by hexview is able to circumvent this security-related feature.
Denis Jedig syneticon GbR
Current thread:
- [HV-HIGH] Microsoft Jet DB engine vulnerabilities vuln (Mar 31)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God) (Apr 01)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Denis Jedig (Apr 02)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God) (Apr 04)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Steve Shockley (Apr 04)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Son SonOfLilit (Apr 04)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Denis Jedig (Apr 02)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God) (Apr 01)