Vulnerabilities > CVE-2005-0944 - Unspecified vulnerability in Microsoft JET

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
nessus
exploit available

Summary

Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file.

Exploit-Db

  • description: MS Jet Database (msjet40.dll) Reverse Shell Exploit. CVE-2005-0944. Local exploit for windows platform
    id: EDB-ID:951
    last seen: 2016-01-31
    modified: 2005-04-22
    published: 2005-04-22
    reporter: Jean Luc
    source: https://www.exploit-db.com/download/951/
    title: Microsoft Jet Database msjet40.dll Reverse Shell Exploit
  • description: MS Jet Database (msjet40.dll) DB File Buffer Overflow Exploit. CVE-2005-0944. Local exploit for windows platform
    id: EDB-ID:927
    last seen: 2016-01-31
    modified: 2005-04-11
    published: 2005-04-11
    reporter: Stuart Pearson
    source: https://www.exploit-db.com/download/927/
    title: Microsoft Jet Database msjet40.dll DB File Buffer Overflow Exploit

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS08-028.NASL
description: The remote host has a bug in its Microsoft Jet Database Engine (837001). An attacker may exploit one of these flaws to execute arbitrary code on the remote system. To exploit this flaw, an attacker would need the ability to craft a specially malformed database query and have this engine execute it.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 32312
published: 2008-05-13
reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/32312
title: MS08-028: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata registration. The scanner evaluates this branch when it loads the
# plugin for its description; it only registers identifiers, text and
# prerequisites, then exits without touching the target.
if (description)
{
 script_id(32312);
 script_version("1.37");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 # One plugin covers two CVEs; a finding does not say which of the two
 # applies to the host, only that the fixed file version is missing.
 script_cve_id("CVE-2005-0944", "CVE-2007-6026");
 script_bugtraq_id(12960, 26468);
 script_xref(name:"CERT", value:"176380");
 script_xref(name:"CERT", value:"936529");
 script_xref(name:"MSFT", value:"MS08-028");
 script_xref(name:"MSKB", value:"950749");

 script_name(english:"MS08-028: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)");
 script_summary(english:"Checks for ms08-028");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the database
engine.");
 # NOTE(review): the text below cites "(837001)", which does not match the
 # MSKB xref 950749 registered above; it may have been carried over from an
 # earlier Jet bulletin - confirm before relying on it in reports.
 # NOTE(review): the text names a "malformed database query" as the trigger,
 # while the public summary of CVE-2005-0944 names a crafted mdb file -
 # confirm which wording operators should see.
 script_set_attribute(attribute:"description", value:
"The remote host has a bug in its Microsoft Jet Database Engine
(837001).

An attacker may exploit one of these flaws to execute arbitrary code on
the remote system.

To exploit this flaw, an attacker would need the ability to craft a
specially malformed database query and have this engine execute it.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-028");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 # CVSS v2 base: network vector, medium access complexity, no authentication,
 # complete confidentiality/integrity/availability impact.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 # CVSS v2 temporal: high exploitability, official fix, confirmed report.
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 # Prioritisation signals: exploit code is marked as available, including in
 # an exploit framework, and the flaw is marked as used by malware.
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");
 # CWE-119: improper restriction of operations within the bounds of a memory buffer.
 script_cwe_id(119);

 # The vulnerability was published in March 2005 and the patch in May 2008,
 # so hosts were exposed for about three years before a fix existed.
 script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/31");
 script_set_attribute(attribute:"patch_publication_date", value:"2008/05/13");
 script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/13");

 # "local" plugin type: the result comes from data read off the host (file
 # versions over SMB or patch-management data), not from a remote probe.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 # Information-gathering category: the check reads state and does not
 # attempt to trigger the flaw.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # Prerequisites: the SMB hotfix plugins must have run and marked bulletin
 # checks as possible; presumably this means working credentials - confirm.
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Detection logic: decide whether the MS08-028 update is missing by comparing
# the installed Jet engine DLL version with the fixed build. No exploit
# attempt is made.

# Stop unless earlier plugins marked bulletin checks as possible.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

# These are script-level variables; they are passed to the hotfix helpers
# below and used to build the KB key recorded for a finding.
bulletin = 'MS08-028';
kb = '950749';

kbs = make_list(kb);
# When patch-management data is present for the host, hand the bulletin and
# KB list to the third-party check (presumably it reports from that data
# instead of SMB file access - confirm in smb_hotfixes.inc).
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

# From here on the check needs registry enumeration and a known Windows version.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Only the listed OS / service-pack combinations (win2k '4,5', xp '2',
# win2003 '1') go on to the file check; every other host is audited as not
# vulnerable without its DLL version being read.
# NOTE(review): confirm how the helper treats service packs below the listed
# range, so that older unpatched builds are not silently reported as clean.
if (hotfix_check_sp_range(win2k:'4,5', xp:'2', win2003:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

# The file check reads the DLL through the share that holds the system root;
# an inaccessible share yields an audit message, not a "not vulnerable" result.
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# One test per OS version (5.2, 5.1, 5.0), all against the same build,
# 4.0.9511.0. By the hotfix helper convention this is the fixed version and
# older files are flagged - confirm in smb_hotfixes_fcheck.inc.
# On 5.2 x64 the file checked is Wmsjet40.dll instead of Msjet40.dll.
# Only the copy under \system32 is inspected; copies of the DLL elsewhere
# on the host are not covered by this result.
if (
  hotfix_is_vulnerable(os:"5.2", sp:1, arch:"x86", file:"Msjet40.dll", version:"4.0.9511.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, arch:"x64", file:"Wmsjet40.dll", version:"4.0.9511.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Msjet40.dll", version:"4.0.9511.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Msjet40.dll", version:"4.0.9511.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  # Record the missing bulletin in the knowledge base for other plugins and
  # reports, raise the finding, then end the file-version check.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  # No test matched: end the file-version check and audit the host as not affected.
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Saint

bid: 12960
description: Microsoft Jet Database Engine buffer overflow
id: win_patch_jetiv
osvdb: 15187
title: ms_jet_database
type: client