Microsoft Jet Database Engine MDB File Parsing Remote Stack Overflow Vulnerability

Vulnerability ID: 1188424
Vulnerability type: Buffer overflow
Published: 2007-11-16
Updated: 2008-09-05
CVE ID: CVE-2008-1092
CNNVD-ID: CNNVD-200803-401
Affected platform: N/A
CVSS score: 9.3
|Vulnerability source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200803-401
|Vulnerability details
The Microsoft Jet database is a lightweight database widely used by MS Office applications. The Jet database has a buffer overflow vulnerability when it processes malformed MDB files; a remote attacker may exploit it to take control of the server by enticing a user to process a malicious file.

When Office Access parses an MDB file it calls the Jet database engine (msjet40.dll). Parsing a malicious MDB file triggers a stack overflow in the following code:

C:\Windows\System32\msjet40.dll, version 4.0.8618.0

    .text:1B0B72BB  mov  ecx, edx         ; ecx = 0x5200
    .text:1B0B72BD  mov  esi, edi         ; esi points to the data,
    .text:1B0B72BF  mov  ebp, ecx         ; which can be found in the MDB file
    .text:1B0B72C1  lea  edi, [esp+40h]   ; edi points to stack memory
    .text:1B0B72C5  shr  ecx, 2
    .text:1B0B72C8  rep movsd             ; stack overflow!!
    .text:1B0B72CA  mov  ecx, ebp
    .text:1B0B72CC  mov  eax, [eax+1]
    .text:1B0B72CF  and  ecx, 3
    .text:1B0B72D2  rep movsb

Debug information:

    eax=05f5cb67 ebx=05e66458 ecx=00005200 edx=00005200 esi=05f5cd12 edi=0013db60
    eip=1b0b72c5 esp=0013db20 ebp=00005200 iopl=0 nv up ei pl nz ac pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
    msjet40!Ordinal55+0x23cd8:
    1b0b72c5 c1e902   shr  ecx,2
    0:000> u eip
    msjet40!Ordinal55+0x23cd8:
    1b0b72c5 c1e902   shr  ecx,2
    1b0b72c8 f3a5     rep movs dword ptr es:[edi],dword ptr [esi]
    1b0b72ca 8bcd     mov  ecx,ebp
    1b0b72cc 8b4001   mov  eax,dword ptr [eax+1]
    1b0b72cf 83e103   and  ecx,3
    1b0b72d2 f3a4     rep movsb
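
The listing above copies a file-supplied length (0x5200 in ecx) into a stack buffer as dwords and then trailing bytes, with no bounds check visible. The following C sketch is an added example, not code from Microsoft or from the original advisory; it shows the same copy pattern with the missing length validation. The buffer capacity FIELD_BUF_CAP and all function names are assumptions, since the page does not give the real size of the buffer at [esp+40h].

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical capacity of the destination stack buffer; the page does not
   state the real size of the buffer at [esp+40h]. */
#define FIELD_BUF_CAP 256u

/* Copy `len` bytes the way the listed code does: len>>2 dwords (rep movsd),
   then len&3 trailing bytes (rep movsb). Performs no bounds check itself. */
static void copy_dwords_then_bytes(uint8_t *dst, const uint8_t *src, uint32_t len)
{
    uint32_t dwords = len >> 2, tail = len & 3u;
    memcpy(dst, src, (size_t)dwords * 4u);
    memcpy(dst + (size_t)dwords * 4u, src + (size_t)dwords * 4u, tail);
}

/* Hardened wrapper: validate the file-supplied length against both the
   destination capacity and the bytes actually remaining in the input.
   Returns 0 on success, -1 if the length is rejected. */
int copy_field_checked(uint8_t *dst, size_t dst_cap,
                       const uint8_t *src, size_t src_avail, uint32_t len)
{
    if (len > dst_cap || len > src_avail)
        return -1;
    copy_dwords_then_bytes(dst, src, len);
    return 0;
}

/* Constructed demo: a 0x5200-byte length (the ecx value in the debug output)
   is rejected; a 7-byte field is copied. Returns 0 when both behave so. */
int demo(void)
{
    static uint8_t input[0x5200];        /* constructed input, not a real MDB */
    uint8_t field[FIELD_BUF_CAP] = {0};
    memcpy(input, "ABCDEFG", 7);
    if (copy_field_checked(field, sizeof field, input, sizeof input, 0x5200) != -1)
        return 1;
    if (copy_field_checked(field, sizeof field, input, sizeof input, 7) != 0)
        return 2;
    return (memcmp(field, "ABCDEFG", 7) == 0 && field[7] == 0) ? 0 : 3;
}

int main(void) { return demo(); }
```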
|References

Source: US-CERT:VU#936529
Name: VU#936529
Link: http://www.kb.cert.org/vuls/id/936529
Source: XF
Name: microsoft-jet-msjet40-bo(41380)
Link: http://xforce.iss.net/xforce/xfdb/41380
Source: SECTRACK
Name: 1019686
Link: http://www.securitytracker.com/id?1019686
Source: MS
Name: MS08-028
Link: http://www.microsoft.com/technet/security/bulletin/ms08-028.mspx
Source: MSKB
Name: 950627
Link: http://www.microsoft.com/technet/security/advisory/950627.mspx
Source: HP
Name: SSRT080071
Link: http://marc.info/?l=bugtraq&m=121129490723574&w=2