Unpatched.ai can make mistakes. Public reports may be added, updated, or removed at any time.
Report ID: 2024-229
An improper input validation issue exists in Microsoft Access, specifically MSACCESS.EXE version 16.0.18025.20214 when opening a specially crafted file. By sending a target the file and convincing them to open it, an attacker could unlikely gain Remote Code Execution (RCE) on the target's computer due to the unpatched issue. However, even if RCE isn't achieved, the crash could result in Denial of Service (DoS) for the target application. In addition, likely due to how Microsoft Access handles recent files, file recovery, and file repair, it is possible the issue could result in a persistent DoS attack, where the application will continue to crash, even after reboot by the target.
ExceptionAddress: 00007ffb0d11a7dd (mso20win32client!CrashWithRecovery+0x000000000000004d) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000NumberParameters: 2 Parameter[0]: 0000000000000001 Parameter[1]: 0000000000000000Attempt to write to address 0000000000000000Child-SP RetAddr : Args to Child : Call Site000000f0`e5763e30 00007ffb`0d358ad6 : 000000f0`01483052 00000000`00000000 000002c1`9505c0f0 00007ffb`d23f35a1 : mso20win32client!CrashWithRecovery+0x4d000000f0`e5763e90 00007ffb`d1921ee9 : 00000000`00000016 000000f0`e5764920 000000f0`e5764920 00000000`00000016 : mso20win32client!EnableAbortRedirectLiblet::Uninit+0x93000000f0`e5763f00 00007ffb`d1905011 : 000000f0`e5764f01 000000f0`00000000 00000000`00000000 000000f0`e5763fb0 : ucrtbase!raise+0x1d9000000f0`e5763f80 00007ff7`4c2acb5a : 000000f0`00000003 00007ffb`00000003 ffffffff`fffffffe 000002c1`9505c0f0 : ucrtbase!abort+0x31000000f0`e5763fb0 00007ffb`d1921f37 : 000000f0`e5764fb0 000000f0`e5764920 00007ffb`af8a82f0 00007ffb`af8a82c0 : msaccess!SetEnumIntlView+0x202a000000f0`e5763fe0 00007ffb`b7741ab1 : 000000f0`e5764fb0 000000f0`e5764110 000000f0`e5764920 000000f0`e5764310 : ucrtbase!terminate+0x17000000f0`e5764010 00007ffb`b774232f : 00000000`00000000 00007ffb`af896f12 00007ff7`4c060000 00007ffb`af8a82c0 : VCRUNTIME140_1!FindHandler<__FrameHandler4>+0x461000000f0`e57641e0 00007ffb`b7742389 : 00007ff7`4c060000 000000f0`e5764fb0 000000f0`e5764ac0 00000000`00000001 : VCRUNTIME140_1!__InternalCxxFrameHandler<__FrameHandler4>+0x267000000f0`e5764280 00007ffb`b7744189 : 00007ff7`4c060000 000000f0`e5764fb0 000000f0`e5764ac0 000000f0`e5764920 : VCRUNTIME140_1!__InternalCxxFrameHandlerWrapper<__FrameHandler4>+0x35000000f0`e57642d0 00007ffb`d3ca3d9f : 000000f0`e5765770 00000000`00000081 000000f0`e57648d0 00000000`00000000 : VCRUNTIME140_1!_CxxFrameHandler4+0xa9000000f0`e5764340 00007ffb`d3b5f358 : 00000000`00000081 00007ff7`4c060000 00007ff7`4c908590 00007ff7`4cf80548 : ntdll!RtlpExecuteHandlerForException+0xf000000f0`e5764370 00007ffb`d3ca36de : 00000000`00000000 00007ffb`d3c634a7 000000f0`e57652f8 000002c1`d8500000 : ntdll!RtlDispatchException+0x2c8000000f0`e5764ac0 00007ffb`d115831a : 00000000`8890fb4a 000000f0`e57652f8 00000000`00000001 000002c1`00000001 : ntdll!KiUserExceptionDispatch+0x2e000000f0`e57651d0 00007ffb`af896ba7 : 000000f0`e5765370 00000000`8890fb4a 00000000`00000000 00000000`8890fb4a : KERNELBASE!RaiseException+0x8a000000f0`e57652d0 00007ff7`4c93e277 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`8890fb4a : VCRUNTIME140!_CxxThrowException+0x97 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\throw.cpp @ 82] 000000f0`e5765330 00007ff7`4c9316d1 : 000002c1`8d7caf50 00000000`00000003 00000000`00000001 000002c1`8d7caf50 : msaccess!OpenHscrEmbedded+0x92207000000f0`e57655f0 00007ff7`4c90a354 : 000002c1`8d7caf50 00000000`00000003 00007ff7`4c931610 000000f0`e5765778 : msaccess!OpenHscrEmbedded+0x85661000000f0`e5765640 00007ff7`4c691fde : 000002c1`00000001 00000000`00000000 000000f0`e5765780 000000f0`e57657b0 : msaccess!OpenHscrEmbedded+0x5e2e4000000f0`e5765740 00007ff7`4c908590 : 000002c1`854acffe 000002c1`b58b1b28 00007ff7`4cc8ed18 00007ff7`4ccaf038 : msaccess!MSAU_FillInHashValues+0x2d82e000000f0`e5765770 00007ff7`4c90b853 : 00000000`fffffae7 00000000`00000001 000002c1`b58b1b28 000002c1`b58b1b28 : msaccess!OpenHscrEmbedded+0x5c520000000f0`e5765810 00007ff7`4c859888 : 000002c1`00000003 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!OpenHscrEmbedded+0x5f7e3000000f0`e57659d0 00007ff7`4c85b43b : 00000000`00000048 00000000`0000000c 00000000`00000000 00000000`00000000 : msaccess!FUniqueIndexTableFieldEx+0xfad58000000f0`e5765d10 00007ff7`4c85ae39 : 00000000`00000000 00000000`00000000 000000f0`e57668a8 00000000`0000000e : msaccess!FUniqueIndexTableFieldEx+0xfc90b000000f0`e5766350 00007ff7`4c85b8a0 : 000002c1`952b2860 00000000`00000000 000002c1`b50bbfd0 000002c1`952b2860 : msaccess!FUniqueIndexTableFieldEx+0xfc309000000f0`e57667e0 00007ff7`4c81dc50 : 000002c1`952b2860 000000f0`e57668c0 00000000`00000000 000002c1`a4a6af00 : msaccess!FUniqueIndexTableFieldEx+0xfcd70000000f0`e5766870 00007ff7`4c850956 : 000002c1`b50bbfd0 00000000`00008000 000002c1`a0bd2f40 00000000`00000000 : msaccess!FUniqueIndexTableFieldEx+0xbf120000000f0`e57668f0 00007ff7`4c63536d : 000002c1`a2bf7fc8 00000000`00000000 000002c1`ad86ff90 00000000`ffffffef : msaccess!FUniqueIndexTableFieldEx+0xf1e26000000f0`e5766950 00007ffb`04467504 : 00000000`00000000 000002c1`ad86ff90 000000f0`e57669a0 000002c1`a8519f90 : msaccess!AccessLoadString+0x7e5bd000000f0`e5766980 00007ffb`0441e8b5 : 00000000`00000000 00000000`00000000 000002c1`ad86fe78 00000000`00000000 : VBE7!CProjitemDocument::LoadDocItem+0x58000000f0`e57669c0 00007ffb`045cf624 : 00000000`00000000 00000000`00000000 000002c1`ad786498 00000000`00000001 : VBE7!HostGetBaseClassTypeInfo3+0xf5000000f0`e5766a20 00007ffb`045cb071 : 000002c1`b3afe9d0 000000f0`e5766ca8 000000f0`e5766fa0 000002c1`d9d00000 : VBE7!IMPMGR::HookUpBaseTypeInfo+0xb8000000f0`e5766a90 00007ffb`045cad91 : 000002c1`b3afe9d0 00007ffb`00000010 000002c1`d9d00000 00000000`00000000 : VBE7!IMPMGR::LoadTypeInfo+0xe5000000f0`e5766ad0 00007ffb`045cbbc4 : 000002c1`b3afe9d0 00000000`00000010 000002c1`00000000 000000f0`e5766ba8 : VBE7!IMPMGR::GetTypeInfo+0xcd000000f0`e5766b40 00007ffb`045cc1e1 : 000002c1`b3afe9d0 00007ffb`00000000 000000f0`e5766ba8 000000f0`e5766ca8 : VBE7!IMPMGR::GetCoClassTypeInfoOfBase+0x78000000f0`e5766b80 00007ffb`045cf3ed : 000002c1`b3afe9d0 000000f0`e5766cf8 000000f0`e5766d10 00000001`00000001 : VBE7!IMPMGR::GetBaseTypeInfoAttribute+0x65000000f0`e5766cd0 00007ffb`0456b8a3 : 000002c1`b3afe9d0 000002c1`b50b7be0 000000f0`e5766dd0 000002c1`8f53cfd0 : VBE7!IMPMGR::Write+0x1f5000000f0`e5766d20 00007ffb`045738a5 : 000002c1`a9653c40 000002c1`b50b7be0 000002c1`00000000 000002c1`b50b3f60 : VBE7!BASIC_TYPEROOT::WriteParts+0x583000000f0`e5766de0 00007ffb`04573430 : 000002c1`a9653c40 000002c1`b50b7be0 000002c1`00000000 000000f0`e5766e48 : VBE7!BASIC_TYPEROOT::WriteToStream+0xe5000000f0`e5766e20 00007ffb`04545292 : 000002c1`a9653c40 000002c1`a8505f00 000000f0`e5767180 000000f0`e57674d8 : VBE7!BASIC_TYPEROOT::Write+0x1b0000000f0`e5766f60 00007ffb`04544c3a : 000002c1`9bc00f80 000002c1`a8505f00 000000f0`e5760003 000002c1`00000001 : VBE7!ExecProj::SaveModule+0x32a000000f0`e57675b0 00007ffb`0443423c : 000002c1`9bc00f80 00000000`00000000 000000f0`00000001 000002c1`952b2860 : VBE7!ExecProj::Save+0x1da000000f0`e5767be0 00007ff7`4c6377a8 : 000002c1`ad780f38 00007ffb`0445e621 000002c1`8a1778b0 000002c1`ad780f38 : VBE7!Project::StgSave+0x134000000f0`e5767cc0 00007ff7`4c853cfc : 00000000`00000000 00000000`00000000 000002c1`ad780f38 000002c1`ad780f38 : msaccess!AccessLoadString+0x809f8000000f0`e5767d30 00007ff7`4c635c7c : 000002c1`a0bd2f40 00000000`00000000 00000000`00000000 00000000`00000001 : msaccess!FUniqueIndexTableFieldEx+0xf51cc000000f0`e5767e00 00007ff7`4c851808 : 000002c1`a0bd2f70 00000000`80004005 000002c1`a0bd2f40 00000000`00000000 : msaccess!AccessLoadString+0x7eecc000000f0`e57681f0 00007ff7`4c852164 : 000002c1`a0bd2f40 000000f0`e5768340 00000000`00000000 000002c1`00000000 : msaccess!FUniqueIndexTableFieldEx+0xf2cd8000000f0`e57682a0 00007ff7`4c817f3b : 00000000`00000000 000002c1`995d0fa0 00000000`00000001 00000000`00000001 : msaccess!FUniqueIndexTableFieldEx+0xf3634000000f0`e5768340 00007ff7`4c0ad6f0 : 000002c1`87276ec0 000002c1`87276ec0 000002c1`87276ec0 00000000`00000000 : msaccess!FUniqueIndexTableFieldEx+0xb940b000000f0`e5768480 00007ff7`4c925b8f : 00000000`00000000 000002c1`87276ec0 00000000`00000000 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x331f0000000f0`e57684c0 00007ff7`4c0b0a7e : 000002c1`e57f6d70 000000f0`e5768bc0 000002c1`e57f6d70 00000000`00000000 : msaccess!OpenHscrEmbedded+0x79b1f000000f0`e5768680 00007ff7`4c0a1de6 : 000000f0`e5768830 000000f0`e5768968 000002c1`ed0ecf70 000000f0`e5768968 : msaccess!ReleaseAccessIconResource+0x3657e000000f0`e57687d0 00007ff7`4c246d2e : 000000f0`e5768bc0 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x278e6000000f0`e57688f0 00007ff7`4c242e71 : 000000f0`e576c790 00000000`00000000 00007ffb`d3b40000 000000f0`e576e0d0 : msaccess!MSAU_ErrSortStringArray+0x345ce000000f0`e576c730 00007ff7`4c23cbab : 00000000`00000105 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30711000000f0`e576dfe0 00007ff7`4c24374a : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x2a44b000000f0`e576f6c0 00007ff7`4c50030b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30fea000000f0`e576fbe0 00007ff7`4c50140e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5c8cb000000f0`e576fd80 00007ff7`4c072612 : 00000000`0000000a 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5d9ce000000f0`e576fe60 00007ffb`d27bdbe7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!Ordinal59+0x12612000000f0`e576fea0 00007ffb`d3c1fbec : 00000000`00000000 00000000`00000000 000004f0`fffffb30 000004d0`fffffb30 : KERNEL32!BaseThreadInitThunk+0x17000000f0`e576fed0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2c