[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Advisory 2006-03-11 Directory Transversal in
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Advisory 2006-03-11 Directory Transversal in
- From: "Nic Werner\r\n" <nicwerner@xxxxxxxxx>
- Date: Sat, 11 Mar 2006 22:44:22 -0800
Microsoft Access
Message-ID: <ec6518abbfa1239ef45bd1ce3b26e64f@xxxxxxxxxxxxxxxx>
X-Priority: 3
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="iso-8859-1"
Advisory 2006-03-11 Directory Transversal in
Microsoft Access
I. BACKGROUND
Advisory marked for immediate release.
II. DESCRIPTION
Remote exploitation of a directory traversal vulnerability in
Microsoft Access could allow attackers to overwrite or view arbitrary files
with user-supplied contents.
III. HISTORY
This advisory has no history.
IV. WORKAROUND
There are no known workarounds.
V. VENDOR RESPONSE
Microsoft Access has not commented on this issue.
VI. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-668264 to this issue.
APPENDIX A. - Vendor Information
http://www.microsoft.com
APPENDIX B. - References
NONE
CONTACT:
*Nic Werner
bantown@xxxxxxx
*1-888-LOL-WHAT
*CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/