The vulnerability initially had three CVEs: CVE-2005-0944, CVE-2007-6026 and CVE-2008-1092.
The issue was introduced on 02/17/2000. The vulnerability was handled as a non-public zero-day exploit for at least 2832 days.
Trojan.Acdropper.C
Vulnerability details
Advisory: SB2008032101 - Remote code execution in Microsoft Jet
Vulnerable component: Microsoft Jet
CVE-ID: CVE-2007-6026
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-120 - Buffer overflow
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Jet database engine when parsing .mdb files. A remote attacker can create a specially crafted .mdb file, trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability has been publicly disclosed since 2005; however, an attack vector was introduced only in 2008. The vulnerability is being actively exploited.
Public Exploits:
External links:
http://news.softpedia.com/news/Latest-Vulnerability-Attacks-Steer-Clear-of-Vista-SP1-but-Not-XP-SP3-...
https://www.symantec.com/security_response/writeup.jsp?docid=2008-032803-4407-99
https://co.norton.com/security_response/print_writeup.jsp?docid=2008-032619-5301-99
https://technet.microsoft.com/library/security/950627
https://technet.microsoft.com/library/security/ms08-028