Proventia Desktop, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, BlackICE PC Protection, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, BlackICE Server Protection, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects a malformed Jet Database (such as an Access database) that could cause a stack overflow and lead to the execution of code supplied by the attacker. Scanning of compressed .zip files must be enabled to catch all known attack vectors of the related vulnerability.
High
Proventia Desktop: 2190, Proventia Network IPS: XPU 28.050, RealSecure Network: XPU 28.050, RealSecure Server Sensor: XPU 28.050, BlackICE PC Protection: 3.6cqy, Proventia Network MFS: XPU 28.050, Proventia-G 1.1 and earlier: XPU 28.050, Proventia Network IDS: XPU 28.050, BlackICE Server Protection: 3.6.cqy, IBM Security Server Protection for Windows: 2.0.252.2190, IBM Security Server Protection for Windows: 1.0.914.2190, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 28.050, Virtual Server Protection for Vmware: 1.0
Microsoft Jet: 4.0
Unauthorized Access Attempt
Microsoft Jet Engine is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing an MDB file. By persuading a victim to open a specially crafted MDB file, a remote attacker could cause the victim's application to crash or possibly execute arbitrary code on the victim's system with the privileges of the victim. An attacker could exploit this vulnerability by sending the malicious file as an email attachment or hosting it on a Web site.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-028. See References.
Full-Disclosure Mailing List, Fri Nov 16 2007 - 05:25:29 CST
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0392.html
InformationWeek, Dec. 12, 2007
Vulnerabilities Found In Microsoft Access And HP Laptop Software
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=204802012
Microsoft Security Bulletin MS08-028
Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution (950749)
http://www.microsoft.com/technet/security/Bulletin/MS08-028.mspx
TPTI-08-04
Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-08-04
IBM Internet Security Systems X-Force Database
Microsoft Jet Database Engine Word file buffer overflow
http://xforce.iss.net/xforce/xfdb/41380
NORTEL BULLETIN ID: 2008008858, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-028
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=726427
ISS X-Force
Microsoft Jet Database Engine MDB file buffer overflow
http://www.iss.net/security_center/static/38499.php
CVE
CVE-2007-6026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6026