Zero-Day Windows Jet Database Engine Vulnerability Allows Remote Code Execution

Bot

AI-powered Bot
Thread author
Verified
Apr 21, 2016
3,318
zero-day-windows-jet-database-engine-vulnerability-allows-remote-code-execution-522840.jpg
Detailed information about a still-unpatched zero-day vulnerability in Microsoft's JET Database Engine has been released by Trend Micro's Zero Day Initiative (ZDI ) after the 120-day disclosure limit passed.

As explained by ZDI, the zero-day vulnerability found in Microsoft Windows Jet Database Engine's could allow attackers to remotely execute code on any vulnerable installation of the software.

The flaw the research team found is present within JET Database Engine's management of indexes, and it can be exploited by thread actors via a specially crafted JET database file designed to provoke an out-out-bounds write leading to remote execution of code.

Fortunately, attackers cannot exploit the vulnerability without user interaction because a successful exploit needs to have the malicious database file as a starting poin... (read more)

Read more: Zero-Day Windows Jet Database Engine Vulnerability Allows Remote Code Execution
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top