Buffer-Overflow Vulnerability in MDAC 2.7, 2.6, and 2.5

David Litchfield of Next Generation Security Software discovered that a buffer-overflow vulnerability exists in Microsoft Data Access Components (MDAC) that could result in the SQL Server service failing orexecuting arbitrary code from a potential attacker. This vulnerability results from an unchecked buffer in the MDAC functions  that handle the OpenRowSet command. Microsoft has released Security Bulletin MS02-040 (Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

http://www.secadministrator.com/articles/index.cfm?articleid=26126 .

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.