A vulnerability has been reported in Microsoft Windows 7 that can be exploited by malicious people to execute code remotely on the system.
PUBLISH DATE: 25-09-2018
A vulnerability in the Microsoft Windows JET Database Engine could allow remote code execution. A number of applications, including Microsoft Access, Microsoft Visual Basic, and third-party applications, access data through the JET Database Engine. Successful exploitation lets an attacker execute code remotely in the context of the current process and misuse the privileges associated with that process.
This may include installing programs; viewing, changing or deleting data; or even creating new accounts with full user privileges. Exploitation is more harmful when the affected process is configured with administrative privileges.
This attack, however, requires user interaction: the targeted user must visit a malicious page or open a malicious file. The specific flaw exists within the management of indexes in the Jet database engine. Crafted data in a database file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
This vulnerability is due to an out-of-bounds write error. Specifically, this issue exists within the management of indexes. When a user is convinced to open a specially crafted Jet data source via OLEDB, this vulnerability can be exploited.
Microsoft has already patched two other issues in JET this September. Those bugs were buffer overflows; this additional bug, however, is an out-of-bounds write, which can be triggered by opening a Jet data source via OLEDB.
The vulnerability is triggered when a user opens a specially crafted file containing data stored in the JET database format. It may also result in a Denial of Service (DoS).
This crash is yielded by the issue:
Microsoft Windows 7
(Note: Only Windows 7 has been confirmed vulnerable but the exploited component is included in all supported versions of Windows, including server editions.)
No patch for the vulnerability has yet been released. It is expected that Microsoft will soon patch the vulnerability in the upcoming October patch release. Until then, vigilant behavior is the only solution to avoid falling victim to this vulnerability.
Zero Day Initiative also suggests that users should restrict interaction of the application with trusted and confidential files.
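To support the advice to keep untrusted files away from the affected component until a patch ships, here is an added example (not part of the original advisory) that scans a folder such as a download or attachment directory for files in the Jet database format, recognized by their header rather than their extension. The function names, the trusted-directory parameter and the sample files are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Bytes 0-3 of a Jet/ACE database file are 00 01 00 00, followed by a
# NUL-terminated format string at offset 4.
SIGNATURES = {
    b"\x00\x01\x00\x00Standard Jet DB\x00": "Jet (MDB)",
    b"\x00\x01\x00\x00Standard ACE DB\x00": "ACE (ACCDB)",
}
HEADER_LEN = 20
DB_EXTENSIONS = {".mdb", ".mde", ".accdb", ".accde"}


def jet_format(header: bytes):
    """Return the database family named by a file header, or None."""
    return SIGNATURES.get(header[:HEADER_LEN])


def find_untrusted_jet_files(root, trusted_dirs=()):
    """List Jet-format files under root that are outside trusted_dirs.
    Each finding is (path, family, disguised); disguised is True when the
    extension does not reveal that the file is a database.
    """
    trusted = [Path(d).resolve() for d in trusted_dirs]
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name).resolve()
            if any(t in path.parents for t in trusted):
                continue  # location the administrator has marked as trusted
            try:
                with open(path, "rb") as fh:
                    family = jet_format(fh.read(HEADER_LEN))
            except OSError:
                continue  # unreadable or locked: skip, keep scanning
            if family:
                disguised = path.suffix.lower() not in DB_EXTENSIONS
                findings.append((str(path), family, disguised))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample: a Jet header stored under a misleading extension.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "invoice.pdf").write_bytes(b"\x00\x01\x00\x00Standard Jet DB\x00")
        Path(tmp, "notes.txt").write_bytes(b"plain text")
        for finding in find_untrusted_jet_files(tmp):
            print(finding)
```

A match only means the file is a Jet or ACE database, not that it is crafted; the result is a list of files to hold back from users until their origin is confirmed.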
If you think you’re the victim of a cyber-attack, immediately send an email to firstname.lastname@example.org.