Unchecked Buffer in MDAC Function

By TS | Thomas
Aug 21, 2003
Topic Status:
Not open for further replies.
  1. Affected Software:
    Microsoft Data Access Components 2.5
    Microsoft Data Access Components 2.6
    Microsoft Data Access Components 2.7

    Issue:
    Due to a flaw in a specific MDAC component, an attacker could respond with a specially crafted packet that could cause a buffer overflow. An attacker who successfully exploited this flaw could gain the same level of privileges over the system as the application that initiated the broadcast request. The actions an attacker could carry out would be dependent on the permissions which the application using MDAC ran under. If the application ran with limited privileges, an attacker would be limited accordingly; however, if the application runs under the local system context, the attacker would have the same level of permissions. This could include creating, modifying, or deleting data on the system, or reconfiguring the system. This could also include reformatting the hard disk or running programs of the attacker's choice.

    Patch availability.

    Note - Rather than patching MDAC 2.5 - 2.7, you can alternatively install Microsoft Data Access Components 2.8, which isn't affected (this version is already used in Windows Server 2003).