Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
Thor (Hammer of God) wrote:
How is this a high-level vulnerability when a user must launch the file,
simply resulting in possible code execution within that user's
interactive credentials? If you're going to get them to launch a file,
why not code up a nice juicy .exe for them and not bother with the other
stuff?
The user is opening a data file, like he would open a JPEG image or a
MP3 audio file. Since the rule of thumb is that data does not harm, only
code does, it is a security vulnerability.
Or even better, since it's an MDB file, code it up in an Access module-
that way it won't even throw an exception.
Newer Access versions throw a security warning if the VBA code is not
signed and let the user disable VBA execution. The issue highlighted by
hexview is able to circumvent this security-related feature.
Denis Jedig
syneticon GbR