Microsoft MDAC Broadcast Reply Overflow

2004-01-13T14:16:08
ID OSVDB:3457
Type osvdb
Reporter OSVDB
Modified 2004-01-13T14:16:08

Description

Vulnerability Description

A remote overflow exists in Microsoft Data Access Components. The program fails to validate replies to a broadcast request, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to run on a vulnerable machine, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Vendor URL: http://support.microsoft.com/default.aspx?kbid=301202
Vendor Specific Solution URL: http://www.microsoft.com/downloads/details.aspx?FamilyId=39472EE8-C14A-47B4-BFCC-87988E062D91&displaylang=en
Vendor Specific Solution URL: http://www.microsoft.com/downloads/details.aspx?FamilyId=1D93D9E4-2B22-4595-B8C5-643824857EC0&displaylang=en
Vendor Specific Advisory URL
Secunia Advisory ID: 10616
Microsoft Security Bulletin: MS04-003
ISS X-Force ID: 14179
CVE-2003-0903