<<< Date Index >>>     <<< Thread Index >>>

Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities



Thor (Hammer of God) wrote:
How is this a high-level vulnerability when a user must launch the file, simply resulting in possible code execution within that user's interactive credentials? If you're going to get them to launch a file, why not code up a nice juicy .exe for them and not bother with the other stuff?

The user is opening a data file, like he would open a JPEG image or a MP3 audio file. Since the rule of thumb is that data does not harm, only code does, it is a security vulnerability.

Or even better, since it's an MDB file, code it up in an Access module- that way it won't even throw an exception.

Newer Access versions throw a security warning if the VBA code is not signed and let the user disable VBA execution. The issue highlighted by hexview is able to circumvent this security-related feature.

Denis Jedig
syneticon GbR