MartyConnelly
martyconnelly at shaw.ca
Wed Apr 13 14:40:52 CDT 2005
Here is the details, it requires some assembler knowledge http://www.hexview.com/docs/20050331-1.txt Stuart McLachlan wrote: >On 12 Apr 2005 at 21:41, Jim Lawrence wrote: > > > >>Hi All: >> >>Just received this in the mail. Is this something new or has it been known >>for a while? >> >>http://www.betanews.com/article/MS_Database_Engine_Flaw_Discovered/111332623 >>0 >> >> >> > >Don't know the details, but it says: > >"The vulnerability is caused due to a memory handling error when e.g. >parsing database files. This can be exploited to execute arbitrary code by >tricking a user into opening a specially crafted ".mdb" file in Microsoft >Access." > >What's the difference between this and tricking a user into opening a >".mdb" file which contains an autoexec macro that calls a function that can >do any sort of dirty work you want? > >You can achieve exactly the same thing without using any "flaws". > > > > > > > > -- Marty Connelly Victoria, B.C. Canada