Microsoft Data Access Components (MDAC) Memory Corruption Errors in Processing DSN Data and ADO Records Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1024947
SecurityTracker URL: http://securitytracker.com/id/1024947
CVE Reference: CVE-2011-0026, CVE-2011-0027
Date: Jan 11 2011
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 2008 R2, XP SP3, 7; and prior service packs
Description:
Two vulnerabilities were reported in Microsoft Data Access Components (MDAC). A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will invoke a third-party application that will trigger a buffer overflow in the Data Source Name (DSN) argument of an Open Database Connectivity (ODBC) API and execute arbitrary code on the target system [CVE-2011-0026]. The code will run with the privileges of the target user.
Abdul Aziz Hariri reported this vulnerability via TippingPoint's Zero Day Initiative.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory allocation error in an ActiveX Data Object (ADO) record and execute arbitrary code on the target system [CVE-2011-0027]. The code will run with the privileges of the target user.
Peter Vreugdenhil reported this vulnerability via TippingPoint's Zero Day Initiative.
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued the following fixes:
Windows XP Service Pack 3, Microsoft Data Access Components 2.8 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=7951FD7B-6B0A-4168-8519-312A62FF3289
Windows XP Professional x64 Edition Service Pack 2, Microsoft Data Access Components 2.8 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=CE06BFDC-7B0D-4E65-9A13-E009E3A6A9F0
Windows Server 2003 Service Pack 2, Microsoft Data Access Components 2.8 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=D451CED7-C9C7-4C41-9D44-8F8929FCA390
Windows Server 2003 x64 Edition Service Pack 2, Microsoft Data Access Components 2.8 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3F2C8CFA-819E-4FD9-93BA-B687EB2D46FE
Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Data Access Components 2.8 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=8DBCBB91-464B-4EB3-B7E5-AFE82FEBF8D7
Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Windows Data Access Components 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=13445E4A-099A-4EDD-864E-C44F42940500
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Windows Data Access Components 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=FD6B806E-50D4-4F4D-96E1-7C71FCA4C543
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Data Access Components 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=3D0885AC-97B3-46B5-970D-CC810270FBA3
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Windows Data Access Components 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=8F33C57E-343C-4CDB-B667-AF18A8779AD2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows Data Access Components 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=5ECC8180-6BAA-4F4B-A392-4B45A30469FC
Windows 7 for 32-bit Systems, Windows Data Access Components 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=3DFD4F1C-E7A5-4686-8D2C-B7A5A53C5333
Windows 7 for x64-based Systems, Windows Data Access Components 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=CF30E5C0-811B-4ECD-A6B2-874000D25074
Windows Server 2008 R2 for x64-based Systems, Windows Data Access Components 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=CC9BAC5A-3EAA-46FB-9EF4-C511B5F57996
Windows Server 2008 R2 for Itanium-based Systems, Windows Data Access Components 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=BA2612EC-FFAD-4CD3-85C6-BA07F70A0D24
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-002.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-002.mspx
Cause:
Boundary error
Underlying OS:
Message History:
None.