Powered by

Microsoft misses disclosure deadline to patch RCE bug in JET

Sep 22, 2018 - ICT Monitor Worldwide

Trend Micros Zero Day Initiative (ZDI) team disclosed a still-unpatched remote code execution vulnerability in Microsofts JET Database Engine yesterday, claiming the software giant failed to fix the flaw within its 120-day disclosure window.

Discovered by Trend Micro researcher Lucas Leong, the zero-day bug is an out-of-bounds write issue pertaining to the management of indexes within the engine. Crafted data in a database file can trigger a write past the end of an allocated buffer. An at...