Unpatched.ai can make mistakes. Public reports may be added, updated, or removed at any time.
Report ID: 2024-226
An improper input validation issue exists in Microsoft Access, specifically MSACCESS.EXE version 16.0.18025.20214 when opening a specially crafted file. By sending a target the file and convincing them to open it, an attacker could unlikely gain Remote Code Execution (RCE) on the target's computer due to the unpatched issue. However, even if RCE isn't achieved, the crash could result in Denial of Service (DoS) for the target application. In addition, likely due to how Microsoft Access handles recent files, file recovery, and file repair, it is possible the issue could result in a persistent DoS attack, where the application will continue to crash, even after reboot by the target.
ExceptionAddress: 00007ffb0cf1a7dd (mso20win32client!CrashWithRecovery+0x000000000000004d) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000NumberParameters: 2 Parameter[0]: 0000000000000001 Parameter[1]: 0000000000000000Attempt to write to address 0000000000000000Child-SP RetAddr : Args to Child : Call Site000000c4`727b6f10 00007ffb`0d158ad6 : 0000027f`01483052 00000000`00000000 00007ffb`0d4faf90 000000c4`727b70a8 : mso20win32client!CrashWithRecovery+0x4d000000c4`727b6f70 00007ffb`d1921ee9 : 00000000`00000016 00000000`00000000 00000000`00000000 00000000`00000016 : mso20win32client!EnableAbortRedirectLiblet::Uninit+0x93000000c4`727b6fe0 00007ffb`d1905011 : 00000000`56000001 00000000`00000000 00000000`00000000 000000c4`727b7090 : ucrtbase!raise+0x1d9000000c4`727b7060 00007ff7`4c2acb5a : 00000000`00000003 00000000`00000003 ffffffff`fffffffe 0000027f`24c3cff0 : ucrtbase!abort+0x31000000c4`727b7090 00007ffb`d1921f37 : 00000000`56000001 00000000`00000000 0000027f`25090fc8 00000000`00000000 : msaccess!SetEnumIntlView+0x202a000000c4`727b70c0 00007ff7`4c0b61d4 : 00000000`56000001 00000000`00000000 00007ffb`0d4faf90 00000000`00000000 : ucrtbase!terminate+0x17000000c4`727b70f0 00007ff7`4c0b7687 : 00000000`00000000 00000000`00000000 00000000`00000000 000000c4`727b71b0 : msaccess!JETESLoadProjectTypeLib+0x40d4000000c4`727b7130 00007ff7`4c0b6660 : 0000027f`25090f60 0000027f`2fedaf90 00001786`cf1e62a1 00007ffb`d3b67776 : msaccess!JETESLoadProjectTypeLib+0x5587000000c4`727b7190 00007ff7`4c0b5bd1 : 0000027f`6dd31fe0 0000027f`6dd31fe0 0000027f`265a3df0 00000000`00000000 : msaccess!JETESLoadProjectTypeLib+0x4560000000c4`727b71c0 00007ff7`4c0b8b92 : 00000000`00000000 000000c4`727b7730 00000000`00000000 0000027f`6cfa0000 : msaccess!JETESLoadProjectTypeLib+0x3ad1000000c4`727b71f0 00007ff7`4c09ffa8 : 00000000`00000000 00000000`00000000 00000000`00000001 00007ff7`4cb1053f : msaccess!JETESLoadProjectTypeLib+0x6a92000000c4`727b72a0 00007ff7`4c8ffe6b : 0000027f`32509d60 00007ff7`4cce0258 0000027f`265a3df0 00007ff7`4c91bd90 : msaccess!ReleaseAccessIconResource+0x25aa8000000c4`727b72d0 00007ff7`4c91bc28 : 00000000`00000000 00007ff7`4cce0258 0000027f`32509d60 00007ff7`4c8fec3e : msaccess!OpenHscrEmbedded+0x53dfb000000c4`727b7300 00007ff7`4c91bf35 : 0000027f`265a3df0 00000000`00000000 0000027f`265a3df0 000000c4`727b7730 : msaccess!OpenHscrEmbedded+0x6fbb8000000c4`727b7360 00007ff7`4c09fdcd : 00000000`00000000 0000027f`265a3df0 0000027f`265a3df0 00007ffb`d10cb4a1 : msaccess!OpenHscrEmbedded+0x6fec5000000c4`727b7390 00007ff7`4c09c289 : 0000027f`230d8f30 0000027f`26757fe8 00000000`00000000 00000000`00000411 : msaccess!ReleaseAccessIconResource+0x258cd000000c4`727b75e0 00007ff7`4c90c43f : 0000027f`00000001 00000000`00000000 00000000`00008000 00007ff7`4c15c508 : msaccess!ReleaseAccessIconResource+0x21d89000000c4`727b7650 00007ff7`4c94a634 : 00000000`00000000 00000000`00008000 000000c4`727b7cd9 0000027f`355f0860 : msaccess!OpenHscrEmbedded+0x603cf000000c4`727b76c0 00007ff7`4c5220b5 : 000000c4`727b7b78 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!OpenHscrEmbedded+0x9e5c4000000c4`727b7b20 00007ff7`4c0ad380 : 0000027f`11599ec0 000000c4`727b7ce0 00007ffb`d19988c0 000000c4`727b7ce0 : msaccess!MSAU_GetSizeList+0x2715000000c4`727b7c70 00007ff7`4c0ac7c0 : 00000000`00000000 00000000`00000000 0000027f`11599ec0 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x32e80000000c4`727b7d40 00007ff7`4c925b5a : 0000027f`11599f18 00000000`00000000 0000027f`11599ec0 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x322c0000000c4`727b8040 00007ff7`4c0b0a7e : 0000027f`78c2cd70 000000c4`727b8740 0000027f`78c2cd70 00000000`00000000 : msaccess!OpenHscrEmbedded+0x79aea000000c4`727b8200 00007ff7`4c0a1de6 : 000000c4`727b83b0 000000c4`727b84e8 0000027f`7fe56f70 000000c4`727b84e8 : msaccess!ReleaseAccessIconResource+0x3657e000000c4`727b8350 00007ff7`4c246d2e : 000000c4`727b8740 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x278e6000000c4`727b8470 00007ff7`4c242e71 : 000000c4`727bc310 00000000`00000000 00007ffb`d3b40000 000000c4`727bdc50 : msaccess!MSAU_ErrSortStringArray+0x345ce000000c4`727bc2b0 00007ff7`4c23cbab : 00000000`00000105 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30711000000c4`727bdb60 00007ff7`4c24374a : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x2a44b000000c4`727bf240 00007ff7`4c50030b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30fea000000c4`727bf760 00007ff7`4c50140e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5c8cb000000c4`727bf900 00007ff7`4c072612 : 00000000`0000000a 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5d9ce000000c4`727bf9e0 00007ffb`d27bdbe7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!Ordinal59+0x12612000000c4`727bfa20 00007ffb`d3c1fbec : 00000000`00000000 00000000`00000000 000004f0`fffffb30 000004d0`fffffb30 : KERNEL32!BaseThreadInitThunk+0x17000000c4`727bfa50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2c