Unpatched.ai can make mistakes. Public reports may be added, updated, or removed at any time.
Report ID: 2024-221
An improper input validation issue exists in Microsoft Access, specifically MSACCESS.EXE version 16.0.18025.20214 when opening a specially crafted file. By sending a target the file and convincing them to open it, an attacker could unlikely gain Remote Code Execution (RCE) on the target's computer due to the unpatched issue. However, even if RCE isn't achieved, the crash could result in Denial of Service (DoS) for the target application. In addition, likely due to how Microsoft Access handles recent files, file recovery, and file repair, it is possible the issue could result in a persistent DoS attack, where the application will continue to crash, even after reboot by the target.
ExceptionAddress: 00007ffb0cfea7dd (mso20win32client!CrashWithRecovery+0x000000000000004d) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000NumberParameters: 2 Parameter[0]: 0000000000000001 Parameter[1]: 0000000000000000Attempt to write to address 0000000000000000Child-SP RetAddr : Args to Child : Call Site000000e4`d4ef5c00 00007ffb`0d228ad6 : 000002ac`01483052 00000000`00000000 00007ffb`0d5caf90 000000e4`d4ef5d98 : mso20win32client!CrashWithRecovery+0x4d000000e4`d4ef5c60 00007ffb`d1921ee9 : 00000000`00000016 00000000`00000000 00000000`00000000 00000000`00000016 : mso20win32client!EnableAbortRedirectLiblet::Uninit+0x93000000e4`d4ef5cd0 00007ffb`d1905011 : 00000000`1de90001 00000000`00000000 00000000`00000000 000000e4`d4ef5d80 : ucrtbase!raise+0x1d9000000e4`d4ef5d50 00007ff7`4c2acb5a : 00000000`00000003 00000000`00000003 ffffffff`fffffffe 000002ac`e5488ff0 : ucrtbase!abort+0x31000000e4`d4ef5d80 00007ffb`d1921f37 : 00000000`1de90001 00000000`00000000 000002ac`fe7acfc8 00000000`00000000 : msaccess!SetEnumIntlView+0x202a000000e4`d4ef5db0 00007ff7`4c0b61d4 : 00000000`1de90001 00000000`00000000 00007ffb`0d5caf90 00000000`00000000 : ucrtbase!terminate+0x17000000e4`d4ef5de0 00007ff7`4c0b7687 : 00000000`00000000 00000000`00000000 00000000`00000000 00007ff7`4c0b5ac6 : msaccess!JETESLoadProjectTypeLib+0x40d4000000e4`d4ef5e20 00007ff7`4c0b6660 : 000002ac`fe7acf60 000002ac`fe7cef90 00003f87`c2bf1d51 00007ff7`4c09fa8e : msaccess!JETESLoadProjectTypeLib+0x5587000000e4`d4ef5e80 00007ff7`4c0b5bd1 : 000002ac`fe7aafe0 000002ac`fe7aafe0 000000e4`d4ef5f50 00000000`00000000 : msaccess!JETESLoadProjectTypeLib+0x4560000000e4`d4ef5eb0 00007ff7`4c0b5d0d : 000002ac`b8af8ec0 000000e4`d4ef6748 000002ac`d0f50860 000002ac`d0f50860 : msaccess!JETESLoadProjectTypeLib+0x3ad1000000e4`d4ef5ee0 00007ff7`4c0a1ad7 : 000002ac`fe7a2fd0 000002ac`ebabdfd6 000002ac`ebabdfd6 000000e4`d4ef646e : msaccess!JETESLoadProjectTypeLib+0x3c0d000000e4`d4ef5f20 00007ff7`4c859ee4 : 00000000`00000000 00000000`00008004 00000000`00000000 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x275d7000000e4`d4ef6090 00007ff7`4c85b843 : 000002ac`d0f50860 00000000`00000000 000002ac`e58eafd0 000002ac`d0f50860 : msaccess!FUniqueIndexTableFieldEx+0xfb3b4000000e4`d4ef6680 00007ff7`4c81dc50 : 000002ac`d0f50860 000000e4`d4ef6760 00000000`00000000 000002ac`e613ef00 : msaccess!FUniqueIndexTableFieldEx+0xfcd13000000e4`d4ef6710 00007ff7`4c850956 : 000002ac`e58eafd0 00000000`00008004 000002ac`b85e6f40 00000000`00000000 : msaccess!FUniqueIndexTableFieldEx+0xbf120000000e4`d4ef6790 00007ff7`4c63536d : 000002ac`ebabdfc8 00000000`00000000 000002ac`f9516f90 00000000`ffffffef : msaccess!FUniqueIndexTableFieldEx+0xf1e26000000e4`d4ef67f0 00007ffb`04467504 : 00000000`00000000 000002ac`f9516f90 000000e4`d4ef6840 000002ac`e4db8f90 : msaccess!AccessLoadString+0x7e5bd000000e4`d4ef6820 00007ffb`0441e8b5 : 00000000`00000000 00000000`00000000 000002ac`f9516e78 00000000`00000000 : VBE7!CProjitemDocument::LoadDocItem+0x58000000e4`d4ef6860 00007ffb`045cf624 : 00000000`00000000 00000000`00000000 000002ac`f9454498 00000000`00000001 : VBE7!HostGetBaseClassTypeInfo3+0xf5000000e4`d4ef68c0 00007ffb`045cb071 : 000002ac`f52ef9d0 000000e4`d4ef6b48 000000e4`d4ef6e40 000002ac`a5f80000 : VBE7!IMPMGR::HookUpBaseTypeInfo+0xb8000000e4`d4ef6930 00007ffb`045cad91 : 000002ac`f52ef9d0 00007ffb`00000010 000002ac`a5f80000 00000000`00000000 : VBE7!IMPMGR::LoadTypeInfo+0xe5000000e4`d4ef6970 00007ffb`045cbbc4 : 000002ac`f52ef9d0 00000000`00000010 000002ac`00000000 000000e4`d4ef6a48 : VBE7!IMPMGR::GetTypeInfo+0xcd000000e4`d4ef69e0 00007ffb`045cc1e1 : 000002ac`f52ef9d0 00007ffb`00000000 000000e4`d4ef6a48 000000e4`d4ef6b48 : VBE7!IMPMGR::GetCoClassTypeInfoOfBase+0x78000000e4`d4ef6a20 00007ffb`045cf3ed : 000002ac`f52ef9d0 000000e4`d4ef6b98 000000e4`d4ef6bb0 00000001`00000001 : VBE7!IMPMGR::GetBaseTypeInfoAttribute+0x65000000e4`d4ef6b70 00007ffb`0456b8a3 : 000002ac`f52ef9d0 000002ac`fe790be0 000000e4`d4ef6c70 000002ac`eda4bfd0 : VBE7!IMPMGR::Write+0x1f5000000e4`d4ef6bc0 00007ffb`045738a5 : 000002ac`f4318c40 000002ac`fe790be0 000002ac`00000000 000002ac`fe78cf60 : VBE7!BASIC_TYPEROOT::WriteParts+0x583000000e4`d4ef6c80 00007ffb`04573430 : 000002ac`f4318c40 000002ac`fe790be0 000002ac`00000000 000000e4`d4ef6ce8 : VBE7!BASIC_TYPEROOT::WriteToStream+0xe5000000e4`d4ef6cc0 00007ffb`04545292 : 000002ac`f4318c40 000002ac`f413bf00 000000e4`d4ef7020 000000e4`d4ef7378 : VBE7!BASIC_TYPEROOT::Write+0x1b0000000e4`d4ef6e00 00007ffb`04544c3a : 000002ac`f3b4ff80 000002ac`f413bf00 000000e4`d4ef0006 000002ac`00000001 : VBE7!ExecProj::SaveModule+0x32a000000e4`d4ef7450 00007ffb`0443423c : 000002ac`f3b4ff80 00000000`00000000 000000e4`00000001 000002ac`d0f50860 : VBE7!ExecProj::Save+0x1da000000e4`d4ef7a80 00007ff7`4c6377a8 : 000002ac`f944ef38 00007ffb`0445e621 000002ac`f3b288b0 000002ac`f944ef38 : VBE7!Project::StgSave+0x134000000e4`d4ef7b60 00007ff7`4c853cfc : 00000000`00000000 00000000`00000000 000002ac`f944ef38 000002ac`f944ef38 : msaccess!AccessLoadString+0x809f8000000e4`d4ef7bd0 00007ff7`4c635c7c : 000002ac`b85e6f40 00000000`00000000 00000000`00000000 00000000`00000001 : msaccess!FUniqueIndexTableFieldEx+0xf51cc000000e4`d4ef7ca0 00007ff7`4c851808 : 000002ac`b85e6f70 00000000`80004005 000002ac`b85e6f40 00000000`00000000 : msaccess!AccessLoadString+0x7eecc000000e4`d4ef8090 00007ff7`4c852164 : 000002ac`b85e6f40 000000e4`d4ef81e0 00000000`00000000 000002ac`00000000 : msaccess!FUniqueIndexTableFieldEx+0xf2cd8000000e4`d4ef8140 00007ff7`4c817f3b : 00000000`00000000 000002ac`e427efa0 00000000`00000001 00000000`00000001 : msaccess!FUniqueIndexTableFieldEx+0xf3634000000e4`d4ef81e0 00007ff7`4c0ad6f0 : 000002ac`b8af8ec0 000002ac`b8af8ec0 000002ac`b8af8ec0 00000000`00000000 : msaccess!FUniqueIndexTableFieldEx+0xb940b000000e4`d4ef8320 00007ff7`4c925b8f : 00000000`00000000 000002ac`b8af8ec0 00000000`00000000 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x331f0000000e4`d4ef8360 00007ff7`4c0b0a7e : 000002ac`b1b26d70 000000e4`d4ef8a60 000002ac`b1b26d70 00000000`00000000 : msaccess!OpenHscrEmbedded+0x79b1f000000e4`d4ef8520 00007ff7`4c0a1de6 : 000000e4`d4ef86d0 000000e4`d4ef8808 000002ac`d362cf70 000000e4`d4ef8808 : msaccess!ReleaseAccessIconResource+0x3657e000000e4`d4ef8670 00007ff7`4c246d2e : 000000e4`d4ef8a60 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x278e6000000e4`d4ef8790 00007ff7`4c242e71 : 000000e4`d4efc630 00000000`00000000 00007ffb`d3b40000 000000e4`d4efdf70 : msaccess!MSAU_ErrSortStringArray+0x345ce000000e4`d4efc5d0 00007ff7`4c23cbab : 00000000`00000105 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30711000000e4`d4efde80 00007ff7`4c24374a : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x2a44b000000e4`d4eff560 00007ff7`4c50030b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30fea000000e4`d4effa80 00007ff7`4c50140e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5c8cb000000e4`d4effc20 00007ff7`4c072612 : 00000000`0000000a 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5d9ce000000e4`d4effd00 00007ffb`d27bdbe7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!Ordinal59+0x12612000000e4`d4effd40 00007ffb`d3c1fbec : 00000000`00000000 00000000`00000000 000004f0`fffffb30 000004d0`fffffb30 : KERNEL32!BaseThreadInitThunk+0x17000000e4`d4effd70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2c