This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 1999-07-28
Product Jet Last view 2008-03-06
Version 4.0 Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:jet:4.0:*:*:*:*:*:*:* 5
cpe:2.3:a:microsoft:jet:3.5:*:*:*:*:*:*:* 3
cpe:2.3:a:microsoft:jet:3.51:*:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:jet:3.5.1:*:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:jet:4.0:sp4:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:jet:4.0:sp5:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:jet:4.0:sp1:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:jet:4.0:sp2:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:jet:4.0:sp3:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:jet:4.0.8618.0:*:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
9.3 2008-03-06 CVE-2008-1200

Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.
9.3 2007-11-19 CVE-2007-6026

Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
7.5 2005-05-02 CVE-2005-0944

Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file.
7.5 2004-06-01 CVE-2004-0197

Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.
7.5 2002-09-05 CVE-2002-0859

Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
7.2 1999-08-20 CVE-2000-0325

The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.
7.6 1999-07-28 CVE-2000-0323

The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:968 MS Jet Database Buffer Overflow
oval:org.mitre.oval:def:5578 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

SAINT Exploits

Description Link
Microsoft Jet Engine MDB file ColumnName buffer overflow More info here
Microsoft Jet Database Engine buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

id Description
59322 Microsoft Jet Database Crafted Query Arbitrary Command Execution
44880 Microsoft Windows msjet40.dll MDB File Handling Overflow
43068 Microsoft Access MDB File Handling Unspecified Arbitrary Code Execution
15187 Microsoft Jet Database msjet40.dll File Parsing Overflow
5241 Microsoft Jet Database Engine Remote Code Execution
5064 Microsoft SQL Server Jet Engine OpenDataSource Function Overflow
1052 Microsoft Jet Database Text I-ISAM Arbitrary File Modification

OpenVAS Exploits

id Description
2008-09-03 Name : Windows Vulnerability in Microsoft Jet Database Engine
File : nvt/win_CVE-2007-6026.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2008-A-0030 Microsoft Jet Database Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0016013

Snort® IPS/IDS

Date Description
2017-06-06 Microsoft Jet DB Engine Buffer Overflow attempt
RuleID : 42446 - Type : OS-WINDOWS - Revision : 2
2017-06-06 Microsoft Jet DB Engine Buffer Overflow attempt
RuleID : 42445 - Type : OS-WINDOWS - Revision : 2
2017-06-06 Microsoft Jet DB Engine Buffer Overflow attempt
RuleID : 42444 - Type : OS-WINDOWS - Revision : 2
2017-06-06 Microsoft Jet DB Engine Buffer Overflow attempt
RuleID : 42443 - Type : OS-WINDOWS - Revision : 2
2017-06-06 Microsoft Jet DB Engine Buffer Overflow attempt
RuleID : 42442 - Type : OS-WINDOWS - Revision : 2
2017-06-06 Microsoft Jet DB Engine Buffer Overflow attempt
RuleID : 42441 - Type : OS-WINDOWS - Revision : 2
2017-06-06 Microsoft Jet DB Engine Buffer Overflow attempt
RuleID : 42440 - Type : OS-WINDOWS - Revision : 2
2014-01-10 Microsoft Office Access MSISAM file magic detected
RuleID : 23718 - Type : FILE-IDENTIFY - Revision : 7
2014-01-10 Microsoft Office Access TJDB file magic detected
RuleID : 23717 - Type : FILE-IDENTIFY - Revision : 7
2014-01-10 Microsoft Office Access JSDB file magic detected
RuleID : 23716 - Type : FILE-IDENTIFY - Revision : 7
2014-01-10 Microsoft Office Access file magic detected
RuleID : 23715 - Type : FILE-IDENTIFY - Revision : 8
2014-01-10 Microsoft Jet DB Engine Buffer Overflow attempt
RuleID : 17413 - Type : OS-WINDOWS - Revision : 12
2014-01-10 Microsoft Office Access MSISAM file magic detected
RuleID : 13633 - Type : FILE-IDENTIFY - Revision : 18
2014-01-10 Microsoft Office Access TJDB file magic detected
RuleID : 13630 - Type : FILE-IDENTIFY - Revision : 18
2014-01-10 Microsoft Office Access JSDB file magic detected
RuleID : 13629 - Type : FILE-IDENTIFY - Revision : 18
2014-01-10 Microsoft Office Access file magic detected
RuleID : 13626 - Type : FILE-IDENTIFY - Revision : 22

Nessus® Vulnerability Scanner

id Description
2008-05-13 Name: Arbitrary code can be executed on the remote host through the database engine.
File: smb_nt_ms08-028.nasl - Type: ACT_GATHER_INFO
2004-04-13 Name: Arbitrary code can be executed on the remote host through database engine.
File: smb_nt_ms04-014.nasl - Type: ACT_GATHER_INFO