Zero-day vulnerability in Microsoft Jet

Buffer overflow
CVE-2007-6026

The vulnerability initially had three CVEs: CVE-2005-0944, CVE-2007-6026 and CVE-2008-1092.
The issue has been introduced on 02/17/2000. The vulnerability was handled as a non-public zero-day exploit for at least 2832 days.

Known malware:

Trojan.Acdropper.C

Vulnerability details

Advisory: SB2008032101 - Remote code execution in Microsoft Jet

Vulnerable component: Microsoft Jet

CVE-ID: CVE-2007-6026

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in Jet database engine when parsing .mdb files. A remote attacker can create a specially crafted .mdb file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is publicly disclosed since 2005, however an attack vector was introduced only in 2008. The vulnerability is being actively exploited.

Public Exploits:

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.