Buffer-Overrun Vulnerability in MDAC

Foundstone discovered that a Microsoft Data Access Components (MDAC) vulnerability might let a potential attacker execute arbitrary code on the vulnerable system. The vulnerability stems from an unchecked buffer in the Remote Data Services (RDS) Data Stub. By sending a specially malformed HTTP request to the Data Stub, a potential attacker can cause targeted data to overrun onto the heap. Microsoft has released Security Bulletin MS02-065 (Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution) to address this vulnerability and recommends that affected users immediately apply the appropriate patch that the bulletin mentions.

http://www.secadministrator.com/articles/index.cfm?articleid=27357 .

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.