Alert: Microsoft Security Bulletin MS04-014 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 04/14/04

  • Next message: Tom Stewart: "Assembler snippet (Re: Suspicious WebDAV Traffic)" 
    Date:         Wed, 14 Apr 2004 08:08:55 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Microsoft Security Bulletin MS04-014:
    Vulnerability in the Microsoft Jet Database Engine Could Allow Code
    Execution (837001)

    Bulletin URL:
    <http://www.microsoft.com/technet/security/bulletin/MS04-014.mspx>

    Summary:
      Version Number: 1.0
      Revision Date: April 13, 2004
      Impact of Vulnerability: Remote Code Execution
      Maximum Severity Rating: Important
      Patch(es) Replaced: None
      Caveats: None

    Revisions:
      * v1.0 - Tuesday, April 13, 2004: Bulletin published

    Tested Software:
      Affected Software:
      * Microsoft Windows NT. Workstation 4.0 Service Pack 6a
    <http://www.ntbugtraq.com/link/7678462a-52ec-48d5-9aeb-46ec4cc053c7.asp>
      * Microsoft Windows NT Server 4.0 Service Pack 6a
    <http://www.ntbugtraq.com/link/7678462a-52ec-48d5-9aeb-46ec4cc053c7.asp>
      * Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
    6
    <http://www.ntbugtraq.com/link/7678462a-52ec-48d5-9aeb-46ec4cc053c7.asp>
      * Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
    Service Pack 3, and Microsoft Windows 2000 Service Pack 4
    <http://www.ntbugtraq.com/link/5813346a-7ec2-4f57-a199-8375da0ad816.asp>
      * Microsoft Windows XP and Microsoft Windows XP Service Pack 1
    <http://www.ntbugtraq.com/link/ea17d1cb-075e-4b63-bc45-06ebbf41c6b5.asp>
      * Microsoft Windows XP 64-Bit Edition Service Pack 1
    <http://www.ntbugtraq.com/link/b487610d-806c-4289-be70-92f7d2337e17.asp>
      * Microsoft Windows XP 64-Bit Edition Version 2003
    <http://www.ntbugtraq.com/link/e4e0eb80-7395-4c07-bc1d-b187de541bc2.asp>
      * Microsoft Windows Server 2003
    <http://www.ntbugtraq.com/link/216d708b-3a55-4b50-8ad2-bff06b668cbb.asp>
      * Microsoft Windows Server 2003 64-Bit Edition
    <http://www.ntbugtraq.com/link/e4e0eb80-7395-4c07-bc1d-b187de541bc2.asp>
      * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
    Microsoft Windows Millennium Edition (ME) Review the FAQ section of this
    bulletin for details about these operating systems.

      Affected Components:
      * Microsoft Jet Database Engine version 4.0

    Technical Description:
    Executive Summary:
    buffer overrun vulnerability exists in the Microsoft Jet Database Engine
    (Jet) that could allow remote code execution. An attacker who
    successfully exploited this vulnerability could take complete control of
    an affected system, including installing programs; viewing, changing, or
    deleting data; or creating new accounts that have full privileges.

    Jet Vulnerability - CAN-2004-0197

    This email is sent to NTBugtraq automagically as a service to my
    subscribers. (v4.00.1564.10850)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    -----
    Earn up to 10 credit course hours toward the TruSecure ICSA Practitioner (TICSA) Credential and receive a TICSA exam coupon by attending the Infosecurity Canada 2004 conference. Featured speaker, Marcus J. Ranum, TruSecure inventor of the proxy firewall will present on June 3 at 11:30 AM. Visit <https://ticsa.trusecure.com> for certification details and <http://www.infosecuritycanada.com> for conference information. Become TICSA certified and see what happens!
    -----

  • Next message: Tom Stewart: "Assembler snippet (Re: Suspicious WebDAV Traffic)"
    • Quantcast