See? There is something you can do with an Access database that you can't do with a DBF... <vbg>
(2) CRITICAL: Microsoft Jet Engine MDB File Parsing Buffer Overflow (MS08-28) Affected: Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Description: The Microsoft Jet Engine is a database engine used by a variety of Microsoft applications. This engine is included by default in some versions of Microsoft Windows. The engine contains a stack-based buffer overflow in its handling of "MDB" database files. A specially crafted MDB file could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that MDB files by default are considered an "unsafe" file type by Microsoft applications and will not be opened without first prompting the user. A new attack vector has been discovered, however, that is capable of bypassing this restriction. It is believed that this advisory or its exploitation vector is related to an issue discussed in a previous edition of @RISK. If this is the case, then full technical details and a proof-of-concept are publicly available for this vulnerability. Status: Microsoft confirmed, updates available. -- Richard Kaye Vice President Artfact/RFC Systems Voice: 617.219.1038 Fax: 617.219.1001 For the fastest response time, please send your support queries to: Technical Support - [EMAIL PROTECTED] Internet Support - [EMAIL PROTECTED] All Other Requests - [EMAIL PROTECTED] --------------------------------------------------------- This message has been checked for viruses before sending. --------------------------------------------------------- _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
