cbcvebase.
CVE-2007-6026
published 2007-11-20

CVE-2007-6026: Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows…

PriorityP271critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
28.27%
97.9th percentile
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.

Affected

11 ranges
VendorProductVersion rangeFixed in
microsoftaccess
microsoftjet
microsoftjet
microsoftoffice
microsoftwindows_nt
microsoftword
microsoftword
microsoftword
microsoftword
microsoftword
microsoftword

Detection & IOCsextracted from sources · hover to see the quote

filenameMicrosoft_Jet_Engine_MDB_File_Parsing_Exploit.mdb
urlhttp://ruder.cdut.net/attach/MS_MDB_Vul/Microsoft_Jet_Engine_MDB_File_Parsing_Exploit.rar
urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4625.rar
hash73243B8823C8DC2C88AE0529CA13C4C6
filenamemsjet40.dll
  • Monitor for suspicious spawning of calc.exe or other processes from Office Access (MSACCESS.EXE) or Word (WINWORD.EXE) as a sign of successful exploitation of the Jet Engine stack overflow.
  • Flag delivery of crafted .MDB or .RAR files referencing Jet Engine exploit filenames (Microsoft_Jet_Engine_MDB_File_Parsing_Exploit.mdb/.rar) at the network perimeter or email gateway.
  • Detect vulnerable msjet40.dll versions prior to 4.0.9505.0 on endpoints; presence of older versions indicates unpatched exposure to this stack overflow.
  • ·CVE-2007-6026 and CVE-2008-1092 are confirmed by Microsoft to describe the same underlying vulnerability; detections and patches should be applied under both CVE identifiers.
  • ·The vulnerability affects both .MDB file parsing (via Access) and crafted Word files, so detection scope must cover both Office Access and Word as attack vectors.

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.