Unpatched.ai can make mistakes. Public reports may be added, updated, or removed at any time.
Report ID: 2024-249
An improper input validation issue exists in Microsoft Access, specifically MSACCESS.EXE version 16.0.18227.20162 when opening a specially crafted file. By sending a target the file and convincing them to open it, an attacker could unlikely gain Remote Code Execution (RCE) on the target's computer due to the unpatched issue. However, even if RCE isn't achieved, the crash could result in Denial of Service (DoS) for the target application. In addition, likely due to how Microsoft Access handles recent files, file recovery, and file repair, it is possible the issue could result in a persistent DoS attack, where the application will continue to crash, even after reboot by the target.
ExceptionAddress: 00007fffbcc4fd6d (mso20win32client!CrashWithRecovery+0x000000000000004d) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000NumberParameters: 2 Parameter[0]: 0000000000000001 Parameter[1]: 0000000000000000Attempt to write to address 0000000000000000Child-SP RetAddr : Args to Child : Call Site0000005a`f70f0a40 00007fff`bce71b66 : 00000194`01483052 00000000`00000000 00000000`00000000 00000000`00000000 : mso20win32client!CrashWithRecovery+0x4d0000005a`f70f0aa0 00007ff8`726f1ee9 : 00000000`00000016 00000194`16e21888 0000005a`f70f0bc0 00000000`00000016 : mso20win32client!EnableAbortRedirectLiblet::Uninit+0x930000005a`f70f0b10 00007ff8`726d5011 : 00000194`16e23801 00000194`00000000 00000000`00000000 0000005a`f70f0bc0 : ucrtbase!raise+0x1d90000005a`f70f0b90 00007ff7`0c56e0ba : 00007fff`00000003 00000000`00000003 ffffffff`fffffffe 00000194`166e0ff0 : ucrtbase!abort+0x310000005a`f70f0bc0 00007ff8`726f1f37 : 00000194`16e23888 00000194`16e21888 00000000`00000000 00000194`16e17bb8 : msaccess!SetEnumIntlView+0x202a0000005a`f70f0bf0 00007ff7`0c5c7ed1 : 00000194`16e23888 00007fff`bd22c560 00000194`16e21888 00000000`00000084 : ucrtbase!terminate+0x170000005a`f70f0c20 00007ff7`0c5ca322 : 00000194`16e23888 00000000`00000000 00000000`00000084 00000194`16e21888 : msaccess!SizeCallback+0x513e10000005a`f70f0c50 00007ff7`0c89f79e : 0000005a`f70f0cf8 00000194`008cc860 00000000`00000084 00007ff8`74ee1f59 : msaccess!SizeCallback+0x538320000005a`f70f0cb0 00007ff7`0c89f846 : 00000194`16e17bb8 0000005a`f70f1bc8 0000005a`f70f1bc8 00000000`00000007 : msaccess!AccessLoadString+0x25afe0000005a`f70f1b80 00007ff7`0c89f846 : 00000194`12a9aff0 0000005a`f70f2a98 0000005a`f70f2a98 00000000`00000000 : msaccess!AccessLoadString+0x25ba60000005a`f70f2a50 00007ff7`0c8a6d2a : 00000000`0000000c 00000194`2dd93f70 0000005a`f70f5a90 00000000`00000001 : msaccess!AccessLoadString+0x25ba60000005a`f70f3920 00007ff7`0c8a61a8 : 00000000`00000000 00000000`00000000 0000005a`f70f71c0 00000000`00000001 : msaccess!AccessLoadString+0x2d08a0000005a`f70f40e0 00007ff7`0c89e772 : 00000000`00000102 00000194`008cc860 00000000`00008000 00000000`00000000 : msaccess!AccessLoadString+0x2c5080000005a`f70f59e0 00007ff7`0c652af6 : 00000000`00000000 00007ff7`0cbcbd57 00000206`00000008 00007ff8`7507084c : msaccess!AccessLoadString+0x24ad20000005a`f70f5e00 00007ff7`0c652989 : 0000005a`f70f71c0 00007ff7`0c685d6e 00000000`00000080 00000000`00000001 : msaccess!SizeCallback+0xdc0060000005a`f70f5ff0 00007ff7`0c64b6d8 : 00000000`00000080 00000194`008cc860 00000000`00000202 00000000`00000000 : msaccess!SizeCallback+0xdbe990000005a`f70f6050 00007ff7`0c64d0d9 : 0000fae2`45527b01 00000000`00000080 0000005a`f70f7ff0 00000000`00000202 : msaccess!SizeCallback+0xd4be80000005a`f70f7320 00007ff7`0c8227c2 : 00000000`00000000 0000005a`f70f8220 00000000`000007d1 00000000`00008000 : msaccess!SizeCallback+0xd65e90000005a`f70f73d0 00007ff7`0c4f1aa6 : 00000000`f229a6a0 0000005a`f70f8220 00000000`00000001 0000005a`f70f8220 : msaccess!MSAU_GetSizeList+0x3f3720000005a`f70f7fa0 00007ff7`0c4e936f : 00000000`00000001 00000000`00000016 00000000`00000001 0000005a`f70f8220 : msaccess!MSAU_ErrSortStringArray+0x1d9360000005a`f70f8120 00007ff7`0c5091d6 : 00000194`3794efe0 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x151ff0000005a`f70f84c0 00007ff7`0c504855 : 0000005a`f70fc1a0 00000000`00000000 00007ff8`74f9fbcc 0000005a`f70fdae0 : msaccess!MSAU_ErrSortStringArray+0x350660000005a`f70fc140 00007ff7`0c4fe5e7 : 00000000`00000105 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x306e50000005a`f70fd9f0 00007ff7`0c50512a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : msaccess!MSAU_ErrSortStringArray+0x2a4770000005a`f70ff0d0 00007ff7`0c7c2e8f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30fba0000005a`f70ff5f0 00007ff7`0c7c3fa5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5cdef0000005a`f70ff790 00007ff7`0c333c72 : 00000000`0000000a 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5df050000005a`f70ff870 00007ff8`72f7e8d7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!Ordinal59+0x13c720000005a`f70ff8b0 00007ff8`74f9fbcc : 00000000`00000000 00000000`00000000 000004f0`fffffb30 000004d0`fffffb30 : KERNEL32!BaseThreadInitThunk+0x170000005a`f70ff8e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2c