Microsoft Jet Engine MDB File Parsing Stack Overflow PoC

セキュリティ

なんか微妙だけど、JetEngineの脆弱性で任意のコードを実行できるそうです。

MDBファイルだったら、別に任意のコードを実行可能なの当たり前な気がする・・・うーん

A remote code execute vulnerability exists in Microsoft Jet
Engine. A remote attacker who successfully exploit this vulnerability
can execute arbitrary code on the affected system.

MDBを開くと計算機が出るそうです。

Open the attached file
"Microsoft_Jet_Engine_MDB_File_Parsing_Exploit.mdb" with Office Access
2003 sp3 on Windows XP SP2, then "calc.exe" will be executed, please
do not use the exploit for attacking.

screenshot