|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
From: Denis Jedig (seclists
syneticon.de)
Date: Sat Apr 02 2005 - 02:59:46 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thor (Hammer of God) wrote:
> How is this a high-level vulnerability when a user must launch the file,
> simply resulting in possible code execution within that user's
> interactive credentials? If you're going to get them to launch a file,
> why not code up a nice juicy .exe for them and not bother with the other
> stuff?
The user is opening a data file, like he would open a JPEG image or a
MP3 audio file. Since the rule of thumb is that data does not harm, only
code does, it is a security vulnerability.
> Or even better, since it's an MDB file, code it up in an Access module-
> that way it won't even throw an exception.
Newer Access versions throw a security warning if the VBA code is not
signed and let the user disable VBA execution. The issue highlighted by
hexview is able to circumvent this security-related feature.
Denis Jedig
syneticon GbR
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]