By Honggang Ren | January 11, 2019
Threat Analysis from FortiGuard Labs
In September 2018, Fortinet's FortiGuard Labs researcher Honggang Ren discovered a code execution vulnerability in Windows JET Engine Msrd3x40 and reported it to Microsoft by following Fortinet’s responsible disclosure process. On Patch Tuesday of January 2019, Microsoft released a Security Bulletin that contains the fix for this vulnerability and identifies it as CVE-2019-0538.
The vulnerable DLL msrd3x40 is a component of all supported Windows versions from Windows 7 to Windows 10. The vulnerability we reported can be triggered with a crafted mdb file. When the mdb PoC file is parsed, a heap corruption occurs due to freeing an invalid heap address. This could result in a code execution exploit.
In this blog, we want to share our detailed analysis of this vulnerability.
There are two methods for reproducing this vulnerability.