[AccessD] Security error in the MDB database

MartyConnelly martyconnelly at shaw.ca
Wed Apr 13 14:40:52 CDT 2005


Here is the details, it requires some assembler knowledge
http://www.hexview.com/docs/20050331-1.txt

Stuart McLachlan wrote:

>On 12 Apr 2005 at 21:41, Jim Lawrence wrote:
>
>  
>
>>Hi All:
>>
>>Just received this in the mail. Is this something new or has it been known
>>for a while?
>>
>>http://www.betanews.com/article/MS_Database_Engine_Flaw_Discovered/111332623
>>0
>>
>>    
>>
>
>Don't know the details, but it says:
>
>"The vulnerability is caused due to a memory handling error when e.g. 
>parsing database files. This can be exploited to execute arbitrary code by 
>tricking a user into opening a specially crafted ".mdb" file in Microsoft 
>Access."
>
>What's the difference between this and tricking a user into opening a 
>".mdb" file which contains an autoexec macro that calls a function that can 
>do any sort of dirty work you want?
>
>You can achieve exactly the same thing without using any "flaws".
>
>
>
>
>
>
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada






More information about the AccessD mailing list