- Joined
- Aug 20, 2006
- Messages
- 13,000
Microsoft’s lack of action has compelled Trend Micro’s security team to reveal details of a zero-day vulnerability applicable to all Windows versions. The vulnerability involves the Microsoft JET Database Engine, which is integrated in products such as Microsoft Access and Visual Basic.
According to an advisory released by Zero Day Initiative (ZDI), the vulnerability is due to a problem with the management of indexes in the Jet database engine that, if exploited successfully, can cause an out-out-bounds memory write, leading to remote code execution. An attacker must convince a targeted user into opening a specially crafted JET database file in order to exploit this vulnerability and remotely execute malicious code on a targeted vulnerable Windows computer.
According to an advisory released by Zero Day Initiative (ZDI), the vulnerability is due to a problem with the management of indexes in the Jet database engine that, if exploited successfully, can cause an out-out-bounds memory write, leading to remote code execution. An attacker must convince a targeted user into opening a specially crafted JET database file in order to exploit this vulnerability and remotely execute malicious code on a targeted vulnerable Windows computer.