CVE-2007-6026
published 2007-11-20CVE-2007-6026: Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows…
PriorityP271critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
28.27%
97.9th percentile
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | access | — | — |
| microsoft | jet | — | — |
| microsoft | jet | — | — |
| microsoft | office | — | — |
| microsoft | windows_nt | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for suspicious spawning of calc.exe or other processes from Office Access (MSACCESS.EXE) or Word (WINWORD.EXE) as a sign of successful exploitation of the Jet Engine stack overflow. ↗
- →Flag delivery of crafted .MDB or .RAR files referencing Jet Engine exploit filenames (Microsoft_Jet_Engine_MDB_File_Parsing_Exploit.mdb/.rar) at the network perimeter or email gateway. ↗
- →Detect vulnerable msjet40.dll versions prior to 4.0.9505.0 on endpoints; presence of older versions indicates unpatched exposure to this stack overflow. ↗
- ·CVE-2007-6026 and CVE-2008-1092 are confirmed by Microsoft to describe the same underlying vulnerability; detections and patches should be applied under both CVE identifiers. ↗
- ·The vulnerability affects both .MDB file parsing (via Access) and crafted Word files, so detection scope must cover both Office Access and Word as attack vectors. ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m5h6-g75q-rpq4: Buffer overflow in msjet40
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-1092 [CRITICAL] CWE-119 GHSA-m5h6-g75q-rpq4: Buffer overflow in msjet40
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
GHSA
GHSA-h7xx-fhc4-7rv3: Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-1200 [CRITICAL] GHSA-h7xx-fhc4-7rv3: Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted
Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.
GHSA
GHSA-xm5h-r3m3-mqj4: Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-6357 [HIGH] CWE-119 GHSA-xm5h-r3m3-mqj4: Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access
Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
GHSA
GHSA-2r22-4xgm-wjg8: Stack-based buffer overflow in Microsoft msjet40
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-6026 [HIGH] CWE-119 GHSA-2r22-4xgm-wjg8: Stack-based buffer overflow in Microsoft msjet40
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
VulnCheck
Microsoft Windows Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2008·CVSS 9.3
CVE-2008-1092 [CRITICAL] Microsoft Windows Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Windows Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://nvd.nist.gov/vuln/detail/CVE-2008-1092; https://www.cve.org/CVERecord?id=CVE-2008-1092
VulnCheck
Microsoft jet Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2007·CVSS 7.5
CVE-2007-6026 [HIGH] Microsoft jet Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft jet Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
Affected: Microsoft jet
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028
No detection rules found.
No writeups or analysis indexed.
http://dvlabs.tippingpoint.com/advisory/TPTI-08-04http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.htmlhttp://marc.info/?l=bugtraq&m=121129490723574&w=2http://ruder.cdut.net/blogview.asp?logID=227http://securityreason.com/securityalert/3376http://www.kb.cert.org/vuls/id/936529http://www.securityfocus.com/archive/1/483797/100/0/threadedhttp://www.securityfocus.com/archive/1/483858/100/100/threadedhttp://www.securityfocus.com/archive/1/483887/100/100/threadedhttp://www.securityfocus.com/archive/1/483888/100/100/threadedhttp://www.securityfocus.com/archive/1/492019/100/0/threadedhttp://www.securityfocus.com/bid/26468http://www.securityfocus.com/bid/28398http://www.securitytracker.com/id?1018976http://www.us-cert.gov/cas/techalerts/TA08-134A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028https://exchange.xforce.ibmcloud.com/vulnerabilities/38499https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578http://dvlabs.tippingpoint.com/advisory/TPTI-08-04http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.htmlhttp://marc.info/?l=bugtraq&m=121129490723574&w=2http://ruder.cdut.net/blogview.asp?logID=227http://securityreason.com/securityalert/3376http://www.kb.cert.org/vuls/id/936529http://www.securityfocus.com/archive/1/483797/100/0/threadedhttp://www.securityfocus.com/archive/1/483858/100/100/threadedhttp://www.securityfocus.com/archive/1/483887/100/100/threadedhttp://www.securityfocus.com/archive/1/483888/100/100/threadedhttp://www.securityfocus.com/archive/1/492019/100/0/threadedhttp://www.securityfocus.com/bid/26468http://www.securityfocus.com/bid/28398http://www.securitytracker.com/id?1018976http://www.us-cert.gov/cas/techalerts/TA08-134A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028https://exchange.xforce.ibmcloud.com/vulnerabilities/38499https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5578
2007-11-20
Published
Exploited in the wild