Vulnerability Note VU#139150
Microsoft Data Access Components (MDAC) contains buffer overflow
Microsoft Data Access Components (MDAC) contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a denial of service.
From Microsoft Security Bulletin MS04-003:
Microsoft Data Access Components (MDAC) is a collection of components that provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client.
An MDAC client sends a network broadcast to port 1434/udp to query for systems running Microsoft SQL Server. A buffer overflow vulnerability exists in an MDAC component that handles responses to such a query. The vulnerability could be triggered by a specially crafted response packet. An MDAC client is only vulnerable for some period of time after it issues a query.
A remote attacker could execute arbitrary code with the privileges of the process using MDAC. The attacker could also cause a denial of service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||19 Jan 2004|
CVSS Metrics (Learn More)
Information used in this document came from Microsoft Security Bulletin MS04-003.
This document was written by Art Manion.
- CVE IDs: CAN-2003-0903
- Date Public: 13 Jan 2004
- Date First Published: 19 Jan 2004
- Date Last Updated: 19 Jan 2004
- Severity Metric: 10.60
- Document Revision: 27
If you have feedback, comments, or additional information about this vulnerability, please send us email.