Microsoft Windows JET Database Engine Remote Code Execution Vulnerability

Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the current process. Failed attacks will cause denial-of-service conditions.

Information

Bugtraq ID: 105376
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Sep 20 2018 12:00AM
Updated: Sep 20 2018 12:00AM
Credit: Lucas Leong (@_wmliang_) of Trend Micro Security Research
Vulnerable: Microsoft Windows 7 0

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

Microsoft Homepage (Microsoft)
(0Day) Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Exe (Zero Day Initiative)
ZDI-CAN-6135: A REMOTE CODE EXECUTION VULNERABILITY IN THE MICROSOFT WINDOWS (Zero Day Initiative)

Source: www.securityfocus.com

Exploit Collector

Search Exploit