Experts from 0Patch revealed that the Microsoft Zero-Day Patch for JET Database Engine vulnerability (CVE-2018-8423) is incomplete. The vulnerability was discovered by the researcher Lucas Leong of the Trend Micro Security Research team that publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows. An attacker can use specially crafted data in a database file to trigger a write past the end of an allocated buffer. The exploit requires user interaction, the attackers have to trick victims into opening a malicious file that would trigger the bug.”]
Source: https://securityaffairs.co/wordpress/77119/hacking/zero-day-patch-incomplete.html