- Knowledge Base
- Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
- Date Published:2018-06-13
- Last Updated:2018-06-14
- Version Affected: Windows
- CVE: CVE-2018-1003
Microsoft Jet Database Engine is an underlying Database Engine, and Microsoft Access uses Jet as its default Database Engine. Jet can be used to operate relational databases, which are also part of a relational database management system. Other software uses Jet's interface to access data stored in Microsoft's database products. Jet also provides security, referential integrity, transaction processing, indexing, logging, page-level locking, and database replication.
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, a user must open a specially crafted Excel file while using an affected version of Microsoft Windows. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Excel file to the user, and then convincing the user to open the file.
The security update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.
1.At present, Microsoft has officially provided the patch or upgrade program, we suggest users who use this software to get the latest security updates as soon as possible: