0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative

A zero day vulnerability in the Microsoft Windows Jet Database Engine has been disclosed by TrendMicro’s Zero Day Initiative even though a security update is not currently available from Microsoft.

This vulnerability was discovered by Lucas Leong of the Trend Micro Security Research team and could allow attackers to perform remote code execution on a vulnerable machine. To initiate this attack, a specially crafted Jet database file would need to be opened, which would then perform an out-of-bounds write to the program’s memory buffer. This would then lead to remote code execution on the targeted Windows computer.

This vulnerability has been assigned the ZDI-18-1075 ID and is stated to affect “Windows”. It is not known if all versions of Windows are affected by this vulnerability. ..Read More..

Leave a Reply

Your email address will not be published.