Microsoft JET Database Engine Arbitrary Code Execution Vulnerability

By GIXnews

A vulnerability in the Microsoft JET Database Engine component of Microsoft Windows could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to improper memory operations that are performed by the affected software. An attacker could exploit the vulnerability by persuading a user to access or import a Microsoft JET Database Engine file that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code and compromise the system completely.

Microsoft confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-8423

Source:: Cisco Multivendor Vulnerability Alerts