lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 18 Nov 2007 01:58:02 +0200 (EET)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: "CaseArmour.net Security Administrator" <security@...earmour.net>,
	bugtraq@...urityfocus.com, frankruder@...mail.com,
	full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Jet Engine MDB File Parsing Stack Overflow
 Vulnerability

There is a well-known unpatched code execution type vulnerability reported originally in msjet40.dll version 4.00.8618.0 too.
This issue reported by HexView is known since March 2005:

http://www.securityfocus.com/bid/12960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0944

We probably don't see a fix for this issue.

- Juha-Matti

"CaseArmour.net Security Administrator" <security@...earmour.net> kirjoitti: 
> It would be useful to know if this is also an issue with msjet40.dll
> 4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
> for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
> SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
> because I don't have many apps that still use MDAC.
> 
> On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@...il.com>
> said:
> >
> >     (C:\Windows\System32\msjet40.dll, version is 4.0.8618.0)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ