Message-ID: <11368721.538501195343883226.JavaMail.juha-matti.laurio@netti.fi>
Date: Sun, 18 Nov 2007 01:58:02 +0200 (EET)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: "CaseArmour.net Security Administrator" <security@...earmour.net>,
	bugtraq@...urityfocus.com, frankruder@...mail.com,
	full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Jet Engine MDB File Parsing Stack Overflow
 Vulnerability

There is a well-known unpatched code execution type vulnerability reported originally in msjet40.dll version 4.00.8618.0 too.
This issue, reported by HexView, has been known since March 2005:

http://www.securityfocus.com/bid/12960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0944

We probably don't see a fix for this issue.

- Juha-Matti

"CaseArmour.net Security Administrator" <security@...earmour.net> wrote:
> It would be useful to know if this is also an issue with msjet40.dll
> 4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
> for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
> SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
> because I don't have many apps that still use MDAC.
> 
> On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@...il.com>
> said:
> >
> >     (C:\Windows\System32\msjet40.dll, version is 4.0.8618.0)
