Unchecked Buffer in MDAC Function

Status
Not open for further replies.

TS | Thomas

Affected Software:
Microsoft Data Access Components 2.5
Microsoft Data Access Components 2.6
Microsoft Data Access Components 2.7

Issue:
Due to a flaw in a specific MDAC component, an attacker could respond with a specially crafted packet that could cause a buffer overflow. An attacker who successfully exploited this flaw could gain the same level of privileges over the system as the application that initiated the broadcast request. The actions an attacker could carry out would be dependent on the permissions which the application using MDAC ran under. If the application ran with limited privileges, an attacker would be limited accordingly; however, if the application runs under the local system context, the attacker would have the same level of permissions. This could include creating, modifying, or deleting data on the system, or reconfiguring the system. This could also include reformatting the hard disk or running programs of the attacker's choice.

Patch availability.

Note - Rather than patching MDAC 2.5 - 2.7, you can alternatively install Microsoft Data Access Components 2.8, which isn't affected (this version is already used in Windows Server 2003).
 