Bugtraq mailing list archives
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Thu, 31 Mar 2005 16:53:03 -0800
How is this a high-level vulnerability when a user must launch the file, simply resulting in possible code execution within that user's interactive credentials? If you're going to get them to launch a file, why not code up a nice juicy .exe for them and not bother with the other stuff?
Or even better, since it's an MDB file, code it up in an Access module- that way it won't even throw an exception.
A bug, yes- a security vulnerability, no.----- Original Message ----- From: <vuln () hexview com>
To: <full-disclosure () lists grok org uk>; <bugtraq () securityfocus com> Sent: Thursday, March 31, 2005 1:53 PM Subject: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Microsoft Jet DB engine vulnerabilities Classification: =============== Level: low-med-[HIGH]-crit ID: HEXVIEW*2005*03*31*1 URL: http://www.hexview.com/docs/20050331-1.txt
Current thread:
- [HV-HIGH] Microsoft Jet DB engine vulnerabilities vuln (Mar 31)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God) (Apr 01)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Denis Jedig (Apr 02)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God) (Apr 04)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Steve Shockley (Apr 04)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Son SonOfLilit (Apr 04)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Denis Jedig (Apr 02)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God) (Apr 01)