exploits , vulnerabilities , articles , Microsoft SQL Server JET Database Engine 4.0 Buffer Overrun Vulnerability

Title	Microsoft SQL Server JET Database Engine 4.0 Buffer Overrun Vulnerability
Published	2003-05-09-12:00AM
Updated	2003-07-15-01:50AM
Class	Boundary Condition Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovery is credited to "Cesar" <sqlsec@yahoo.com>.
Vulnerable	Microsoft SQL Server 2000 SP3 Microsoft SQL Server 2000 SP2 Microsoft SQL Server 2000 SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6 Microsoft Windows NT 4.0 SP6a Microsoft SQL Server 2000 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6 Microsoft Windows NT 4.0 SP6a Microsoft SQL Server 7.0 SP4 Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 SP3 Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 SP2 Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 SP1 Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 Microsoft BackOffice 4.5 Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6 Microsoft Windows NT 4.0 SP6a Microsoft JET 4.0 SP6 Microsoft JET 4.0 SP5 Microsoft JET 4.0 SP4 Microsoft JET 4.0 SP3 Microsoft JET 4.0 SP2 Microsoft JET 4.0 SP1 Microsoft JET 4.0 Microsoft Access 2000 Microsoft Data Engine 2000 Akiva WebBoard 6.1 BindView bvAdmin for Microsoft Exchange BindView bvAdmin for Windows 7.0 BindView bvAdmin for Windows Migration BindView bvcontrol for Active Directory 7.0.2 BindView bvControl for Internet Security 7.0.1 BindView bvControl for Microsoft Exchange 7.0 BindView bvControl for Microsoft SQL Server 7.0 BindView bvControl for Microsoft SQL Server 7.0.1 BindView bvControl for Windows 7.0.2 CARIRUSCO Secure Perfect 3.0 CCH Equity Compliance Insider Reporting Module Collins Medical Plus 2000 Computer Associates Unicenter Computer Associates Unicenter RC/Update 6.0 Computer Associates Unicenter RC/Update 6.1 CSIRO BioLink Software 1.5 DATA.TXT Corporation Time Matters 3.0 DATA.TXT Corporation Time Matters 4.0 Dell OpenManage IT Assistant 5.0 Dell OpenManage IT Assistant 6.0 Express Metrix Express Software Manager 5.0 Express Metrix Express Software Manager 6.0 Express Metrix Express Software Manager 6.0.1 Express Metrix Express Software Manager 6.0.2 Fluke Networks Optiview Network Inspector 5.0 HP Openview Internet Services 4.0 HP Openview Internet Services 4.5 HP Openview Operations for Windows 6.0 HP Openview Operations for Windows 7.0 HP Openview Operations for Windows 7.1 HP Openview Reporter 2.0.2 HP Openview Reporter 3.0 ISI Infortel for Windows 4.0 ISI Infortel for Windows 5.1 ISI Infortel for Windows 5.2 ISI Infortel for Windows 5.4 Journyx Timesheet 2.0 Journyx Timesheet 4.5 Journyx Timesheet 4.5 m2 Journyx Timesheet 4.5 m3 Journyx Timesheet 4.6 Journyx Timesheet 5.0 Microsoft .NET Framework 1.0 Microsoft .NET Framework 1.0 SP1 Microsoft .NET Framework 1.1 Microsoft .NET Framework SDK 1.0 Microsoft Application Center 2000 Microsoft Biztalk Server 2002 Partner Edition Microsoft FrontPage 2000 Server Extensions SR 1.0 Microsoft FrontPage 2000 Server Extensions SR 1.1 Microsoft FrontPage 2000 Server Extensions SR 1.2 Microsoft FrontPage 2000 Server Extensions SR 1.3 Microsoft Great Plains 5.0 Microsoft Great Plains 5.5 Microsoft Great Plains 5.5.1 Microsoft Great Plains 7.0 Microsoft Office 2000 Microsoft Office 2000 SP1 Microsoft Office 2000 SP2 Microsoft Office 2000 Chinese Version Microsoft Office 2000 Japanese Version Microsoft Office 2000 Korean Version Microsoft Office XP Microsoft Office XP SP1 Microsoft Office XP Developer Edition Microsoft Project Central Server Microsoft SharePoint Portal Server 2001 Microsoft SharePoint Portal Server 2001 SP1 Microsoft SharePoint Team Services from Microsoft Microsoft SQL Server 2000 Microsoft SQL Server 2000 SP1 Microsoft SQL Server 2000 SP2 Microsoft SQL Server 2000 SP3 Microsoft Visio 2000 Enterprise Edition Microsoft Visio Enterprise Network Tools Microsoft Visual FoxPro 6.0 Microsoft Visual FoxPro 7.0 Microsoft Visual FoxPro 7.0 SP1 Microsoft Visual Studio .NET Academic Edition Microsoft Visual Studio .NET Enterprise Architect Edition Microsoft Visual Studio .NET Enterprise Developer Edition Microsoft Visual Studio .NET Professional Edition Microsoft Visual Studio .NET Trial Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows XP Embedded Microsoft Windows XP Embedded SP1 MIP NonProfit Series Pro 4.3 MIP NonProfit Series Pro 4.4 MIP NonProfit Series Pro 4.5 NetSupport NetSupport TCO 4.5 NetSupport NetSupport TCO 4.5.1 Network Associates SupportMagic SQL 4.5 Okena StormWatch Peachtree Software Timeslips 6.0 Peachtree Software Timeslips 7.0 Peachtree Software Timeslips 8.0 Peachtree Software Timeslips 9.0 Peachtree Software Timeslips 9.0 Peachtree Software Timeslips 10.0 Peachtree Software Timeslips 11.0 QiNetix CommVault Galaxy 4.0.1 SalesLogix Corporation SalesLogix 2000.0 SmartMax Software MailMax 5.0 TeleStream FlipFactory 1.2 TeleStream FlipFactory 2.0 TeleStream FlipFactory 3.0 Veritas Software Backup Exec for Windows Servers 9.0 VIGILANTe SecureScan NX 2.5 Visionary Systems Firehouse Software 3.0.5 Visionary Systems Firehouse Software 5.0 Visionary Systems Firehouse Software 5.0.2 5 Visionary Systems Firehouse Software 5.4 Wonderware InTouch 7.11 Xerox CentreWare Web 1.0 Microsoft Data Engine 1.0 Affymetrix Microarray Suite Software 5.0 Affymetrix Microarray Suite Software 5.0.1 Altiris Deployment Server 5.0.1 Altiris Deployment Server 5.5 BlackBerry Enterprise Server 2.0 .0.65 Centennial UK Ltd Centennial Discovery 4.4 Compaq Insight Manager 7.0 Compaq Insight Manager 7.0 SP1 Gerber Technology WebPDM 3.9 McAfee ePolicy Orchestrator 1.0 McAfee ePolicy Orchestrator 1.1 McAfee ePolicy Orchestrator 2.0 McAfee ePolicy Orchestrator 2.5 McAfee ePolicy Orchestrator 2.5 SP1 Microsoft Access 2000 Microsoft Project Central Server Microsoft SharePoint Team Services from Microsoft Microsoft Visual Studio 6.0 PowerQuest ControlCenter ST 2.0 PPM 2000 Incident Reporting and Investigation Management 5.1 Trend Micro Control Manager 2.5 Trend Micro Damage Cleanup Server 1.0 Vital Processing Services LLC POSpartner 2000 4.1.11 Vital Processing Services LLC POSpartner 2000 5.0.13 Websense Reporter 6.3.1
Not Vulnerable	Microsoft JET 4.0 SP7
Code	The following proof-of-concept examples were provided: select * from openrowset('microsoft.jet.oledb.4.0','c:anydatabase.mdb';'admin';'','select XXX...()') or select * from Openquery(SomeJet40LinkedServer,'Select XXX...()') (where XXX... is more than 276 chars) Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: content@securitydot.net <mailto:content@securitydot.net>.
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-04 Rae Media Web Based Contact Management Login SQL Injection Vulnerability
• 2008-12-04 Nagios External Commands and Adaptive Commands Unspecified Vulnerability
• 2008-12-04 Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 mvnForum Cross Site Scripting Vulnerability
• 2008-12-04 i-Net Solution Orkut Clone SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
• 2008-12-04 Jbook SQL Injection Vulnerability
• 2008-12-04 SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
• 2008-12-04 HP-UX Unspecified Local Denial Of Service Vulnerability
• 2008-12-04 Netrw Vim Script Information Disclosure Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 05 Dec 2008 16:48:24 +0000