Rule Category

FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.

Alert Message

FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt

Rule Explanation

This event is generated when a malformed Microsoft Jet Database file traverses the network. Impact: Attempted User Privilege Gain Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the management of indexes in the Jet database engine. Crafted data in a database file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2018-8423
Loading description
CVE-2019-1359
Loading description