Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6026

CWE-119Buffer Overflow5 documents5 sources
Severity
9.3CRITICAL
EPSS
77.7%
top 1.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft JETMicrosoft OfficeMicrosoft Windows NT
Timeline
PublishedNov 20
Latest updateMay 1

Description

Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmicrosoft/jet4.0.8618.0

🔴Vulnerability Details

3
GHSA
GHSA-2r22-4xgm-wjg8: Stack-based buffer overflow in Microsoft msjet402022-05-01
CVEList
CVE-2007-6026: Stack-based buffer overflow in Microsoft msjet402007-11-20
VulnCheck
Microsoft jet Improper Restriction of Operations within the Bounds of a Memory Buffer2007

💥Exploits & PoCs

1
Exploit-DB
Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow2007-11-16
CVE-2007-6026 (CRITICAL CVSS 9.3) | Stack-based buffer overflow in Micr | cvebase.io