[AccessD] Security error in the MDB database

Stuart McLachlan stuart at lexacorp.com.pg
Wed Apr 13 00:31:47 CDT 2005


On 12 Apr 2005 at 21:41, Jim Lawrence wrote:

> Hi All:
> 
> Just received this in the mail. Is this something new or has it been known
> for a while?
> 
> http://www.betanews.com/article/MS_Database_Engine_Flaw_Discovered/111332623
> 0
> 

Don't know the details, but it says:

"The vulnerability is caused due to a memory handling error when e.g. 
parsing database files. This can be exploited to execute arbitrary code by 
tricking a user into opening a specially crafted ".mdb" file in Microsoft 
Access."

What's the difference between this and tricking a user into opening a 
".mdb" file which contains an autoexec macro that calls a function that can 
do any sort of dirty work you want?

You can achieve exactly the same thing without using any "flaws".






-- 
Stuart





More information about the AccessD mailing list