Vulnerability Note VU#542081
Microsoft Windows Data Access Components contains heap overflow in Data Stubs when parsing a malformed HTTP request
A vulnerability in the Microsoft Data Access Components (MDAC) could lead to remote execution of code with the privileges of the current process, or user.
Microsoft Data Access Components (MDAC) is a collection of utilities and routines to process requests between databases and network applications. A buffer overflow vulnerability exists in the Remote Data Services (RDS) component of MDAC.
The RDS component provides an intermediary step for a client's request for service from a back-end database which enables the web site to apply business logic to the request.
A remote attacker could execute arbitrary code with the privileges of the application that processed the request.
Apply a patch from your vendor.
Note that a vulnerable version of the control may be installed on a Windows system that never had the vulnerable control installed prior to the patch being applied. This is due to the fact that the vulnerable ActiveX control is signed by Microsoft and the patch does not set the kill bit for the MDAC control.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||20 Nov 2002||20 Nov 2002|
CVSS Metrics (Learn More)
This vulnerability was reported in an advisory by Foundstone and in MS02-065 by Microsoft.
This document was written by Jason A Rafail.
- CVE IDs: CAN-2002-1142
- CERT Advisory: CA-2002-33
- Date Public: 20 Nov 2002
- Date First Published: 20 Nov 2002
- Date Last Updated: 13 Dec 2002
- Severity Metric: 52.58
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.