BlackICE Server Protection, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia Network MFS, Proventia Server IPS for Microsoft Windows technology:
This signature detects a malformed Jet Database file (such as an Access database) that could cause a stack overflow and lead to the execution of code supplied by the attacker. Scanning of compressed .zip files must be enabled to catch all known attack vectors of the related vulnerability.
High
BlackICE Server Protection: 3.6.cqy, BlackICE PC Protection: 3.6cqy, RealSecure Server Sensor: XPU 28.050, RealSecure Network: XPU 28.050, Proventia-G 1.1 and earlier: XPU 28.050, Proventia Desktop: 2190, Proventia Server IPS for Linux technology: 28.050, Proventia Network IPS: XPU 28.050, Proventia Network MFS: XPU 28.050, Proventia Server IPS for Microsoft Windows technology: 2.0.252.2190, Proventia Server IPS for Microsoft Windows technology: 1.0.914.2190
Microsoft Jet: 4.0
Unauthorized Access Attempt
Microsoft Jet Engine is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing an MDB file. By persuading a victim to open a specially crafted MDB file, a remote attacker could cause the victim's application to crash or possibly execute arbitrary code on the victim's system with the privileges of the victim. An attacker could exploit this vulnerability by sending the malicious file as an email attachment or hosting it on a Web site.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-028. See References.
Full-Disclosure Mailing List, Fri Nov 16 2007 - 05:25:29 CST
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0392.html
InformationWeek, Dec. 12, 2007
Vulnerabilities Found In Microsoft Access And HP Laptop Software
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=204802012
Microsoft Security Bulletin MS08-028
Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution (950749)
http://www.microsoft.com/technet/security/Bulletin/MS08-028.mspx
TPTI-08-04
Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-08-04
IBM Internet Security Systems X-Force Database
Microsoft Jet Database Engine Word file buffer overflow
http://xforce.iss.net/xforce/xfdb/41380
NORTEL BULLETIN ID: 2008008858, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-028
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=726427
ISS X-Force
Microsoft Jet Database Engine MDB file buffer overflow
http://www.iss.net/security_center/static/38499.php
CVE
CVE-2007-6026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6026