Microsoft Jet Database Engine Word file buffer overflow (MicrosoftJetMsjet40Bo)

Vuln ID: 41380
Risk Level: High
Platforms: Microsoft Word: 2007, Microsoft Word: 2003, Microsoft Word: 2000, Microsoft Jet: 4.0
Description:

Microsoft Jet Database Engine (msjet40.dll) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing a Word file. By persuading a victim to open a specially-crafted Word file, a remote attacker could cause the victim's application to crash or possibly execute arbitrary code on the victim's system with the privileges of the victim. An attacker could exploit this vulnerability by sending the malicious file as an email attachment or by hosting it on a Web site.

An attacker could also exploit this vulnerability by persuading a victim to open a specially-crafted MDB file or an MDB file embedded in a Word document. Refer to SecChkID 38499. See References.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-028. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Advisory (950627)
Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/950627.mspx

Microsoft Security Bulletin MS08-028
Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution (950749)
http://www.microsoft.com/technet/security/Bulletin/MS08-028.mspx

IBM Internet Security Systems X-Force Database
Microsoft Jet Database Engine MDB file buffer overflow
http://xforce.iss.net/xforce/xfdb/38499

HPSBST02336 SSRT080071 rev.1
Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-026 to MS08-029
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01460710

ISS X-Force
Microsoft Jet Database Engine Word file buffer overflow
http://www.iss.net/security_center/static/41380.php

CVE CVE-2008-1092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1092

