Unpatched.ai can make mistakes. Public reports may be added, updated, or removed at any time.
Report ID: 2024-237
An improper input validation issue exists in Microsoft Access, specifically MSACCESS.EXE version 16.0.18025.20214 when opening a specially crafted file. By sending a target the file and convincing them to open it, an attacker could unlikely gain Remote Code Execution (RCE) on the target's computer due to the unpatched issue. However, even if RCE isn't achieved, the crash could result in Denial of Service (DoS) for the target application. In addition, likely due to how Microsoft Access handles recent files, file recovery, and file repair, it is possible the issue could result in a persistent DoS attack, where the application will continue to crash, even after reboot by the target.
ExceptionAddress: 00007ffb0d66a7dd (mso20win32client!CrashWithRecovery+0x000000000000004d) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000NumberParameters: 2 Parameter[0]: 0000000000000001 Parameter[1]: 0000000000000000Attempt to write to address 0000000000000000Child-SP RetAddr : Args to Child : Call Site000000fa`045331c0 00007ffb`0d8a8ad6 : 0000020d`01483052 00000000`00000000 00007ffb`0dc4af90 000000fa`04533358 : mso20win32client!CrashWithRecovery+0x4d000000fa`04533220 00007ffb`d1921ee9 : 00000000`00000016 0000020d`4763db78 00000000`00000000 00000000`00000016 : mso20win32client!EnableAbortRedirectLiblet::Uninit+0x93000000fa`04533290 00007ffb`d1905011 : 0000020d`4769bb01 0000020d`00000000 00000000`00000000 000000fa`04533340 : ucrtbase!raise+0x1d9000000fa`04533310 00007ff7`4c2acb5a : 00000000`00000003 00000000`00000003 ffffffff`fffffffe 0000020d`262d8ff0 : ucrtbase!abort+0x31000000fa`04533340 00007ffb`d1921f37 : 0000020d`4769bb78 0000020d`4763db78 00000000`00000083 0000020d`4763db78 : msaccess!SetEnumIntlView+0x202a000000fa`04533370 00007ff7`4c306371 : 0000020d`4769bb78 00000000`fffffffd 00007ffb`0dc4af90 01010101`01010101 : ucrtbase!terminate+0x17000000fa`045333a0 00007ff7`4c3087b2 : 0000020d`4769bb78 00000000`00000000 00000000`00000083 000000fa`04535a20 : msaccess!SizeCallback+0x50f51000000fa`045333d0 00007ff7`4c5dca90 : 000000fa`04533478 0000020d`1d08e860 00000000`00000083 00000000`00000005 : msaccess!SizeCallback+0x53392000000fa`04533430 00007ff7`4c5dcb40 : 0000020d`34357ff0 000000fa`04534338 000000fa`04534338 00000000`00000004 : msaccess!AccessLoadString+0x25ce0000000fa`045342f0 00007ff7`4c5e3f86 : 0000020d`71b61f70 00000000`0000000c 000000fa`04537320 00000000`00000001 : msaccess!AccessLoadString+0x25d90000000fa`045351b0 00007ff7`4c5e340d : 00000000`00000000 00000000`00000000 000000fa`04537b30 00000000`00000001 : msaccess!AccessLoadString+0x2d1d6000000fa`04535970 00007ff7`4c5dba62 : 00000000`00020102 0000020d`1d08e860 00000000`00008004 00000000`00000000 : msaccess!AccessLoadString+0x2c65d000000fa`04537270 00007ff7`4c390d0e : 0000020d`3cbfaf40 000000fa`045376b0 000064b0`7e6f10aa 00000000`00000102 : msaccess!AccessLoadString+0x24cb2000000fa`04537690 00007ff7`4c3cfce5 : 006f0073`006f0072 004a002e`00740066 004e002e`00740065 00760069`00740061 : msaccess!SizeCallback+0xdb8ee000000fa`04537880 00007ff7`4c15c508 : 0000020d`1d08e860 00007ff7`4c8ffde7 00000000`00000003 000000fa`00000000 : msaccess!WizChooseColor+0x3d5f5000000fa`045378f0 00007ff7`4c94a899 : 00000000`00000000 00000000`00008004 000000fa`04537f59 0000020d`1d08e860 : msaccess!JETESLoadProjectTypeLib+0xaa408000000fa`04537940 00007ff7`4c5220e6 : 000000fa`04537df8 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!OpenHscrEmbedded+0x9e829000000fa`04537da0 00007ff7`4c0ad380 : 0000020d`331b2ec0 000000fa`04537f60 00007ffb`d19988c0 000000fa`04537f60 : msaccess!MSAU_GetSizeList+0x2746000000fa`04537ef0 00007ff7`4c0ac7c0 : 00000000`00000000 00000000`00000000 0000020d`331b2ec0 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x32e80000000fa`04537fc0 00007ff7`4c925b5a : 0000020d`331b2f18 00000000`00000000 0000020d`331b2ec0 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x322c0000000fa`045382c0 00007ff7`4c0b0a7e : 0000020d`7d6c8d70 000000fa`045389c0 0000020d`7d6c8d70 00000000`00000000 : msaccess!OpenHscrEmbedded+0x79aea000000fa`04538480 00007ff7`4c0a1de6 : 000000fa`04538630 000000fa`04538768 0000020d`163aaf70 000000fa`04538768 : msaccess!ReleaseAccessIconResource+0x3657e000000fa`045385d0 00007ff7`4c246d2e : 000000fa`045389c0 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x278e6000000fa`045386f0 00007ff7`4c242e71 : 000000fa`0453c590 00000000`00000000 00007ffb`d3b40000 000000fa`0453ded0 : msaccess!MSAU_ErrSortStringArray+0x345ce000000fa`0453c530 00007ff7`4c23cbab : 00000000`00000105 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30711000000fa`0453dde0 00007ff7`4c24374a : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x2a44b000000fa`0453f4c0 00007ff7`4c50030b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30fea000000fa`0453f9e0 00007ff7`4c50140e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5c8cb000000fa`0453fb80 00007ff7`4c072612 : 00000000`0000000a 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5d9ce000000fa`0453fc60 00007ffb`d27bdbe7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!Ordinal59+0x12612000000fa`0453fca0 00007ffb`d3c1fbec : 00000000`00000000 00000000`00000000 000004f0`fffffb30 000004d0`fffffb30 : KERNEL32!BaseThreadInitThunk+0x17000000fa`0453fcd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2c