Microsoft Windows JET Engine Msrd3x Code Execution Vulnerability


By Honggang Ren | January 11, 2019

Threat Analysis from FortiGuard Labs

In September 2018, Fortinet's FortiGuard Labs researcher Honggang Ren discovered a code execution vulnerability in Windows JET Engine Msrd3x40 and reported it to Microsoft by following Fortinet’s responsible disclosure process. On Patch Tuesday of January 2019, Microsoft released a Security Bulletin that contains the fix for this vulnerability and identifies it as CVE-2019-0538.

The vulnerable DLL msrd3x40 is a component of all supported Windows versions from Windows 7 to Windows 10. The vulnerability we reported can be triggered with a crafted mdb file. When the mdb PoC file is parsed, a heap corruption occurs due to freeing an invalid heap address. This could result in a code execution exploit.

In this blog, we want to share our detailed analysis of this vulnerability.

Analysis

There are two methods for reproducing this vulnerability.

Full Article.
