Microsoft Windows Jet Database Engine Vulnerability

According to the an advisory released by Zero Day Initiative (ZDI), the vulnerability is due to a problem with the management of indexes in the Jet database engine that, if exploited successfully, can cause an out-out-bounds memory write, leading to remote code execution. An attacker must convince a targeted user into opening a specially crafted JET database file in order to exploit this vulnerability and remotely execute malicious code on a targeted vulnerable Windows computer.

Proof-of-concept exploit code for the vulnerability has also been published by the Trend Micro its GitHub page.

Microsoft is working on a patch for the vulnerability, and since it was not included in September Patch Tuesday, you can expect the fix in Microsoft’s October patch release.

Read more at Zero Day Initiative