93 matches found
Patch Tuesday: Microsoft Releases 13 Bulletins, 2 Critical
Microsoft shipped 13 bulletins in the August edition of Patch Tuesday, including two critical fixes for the Internet Explorer Browser and for Windows DNS Server that the company warns could enable remote attacks. The scheduled monthly update includes a a cumulative security update for Internet...
MS11-059: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2560656)
The version of Microsoft Data Access Components MDAC installed on the remote Windows host is affected by a code execution vulnerability. By tricking a user into opening a legitimate Excel file that is in the same directory as a specially crafted library file, a remote, unauthenticated user could...
CVE-2011-0026
Integer signedness error in the SQLConnectW function in an ODBC API odbc32.dll in Microsoft Data Access Components MDAC 2.8 SP1 and SP2, and Windows Data Access Components WDAC 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name DSN and a crafted szDSN...
CVE-2011-0027
Microsoft Data Access Components MDAC 2.8 SP1 and SP2, and Windows Data Access Components WDAC 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer...
Integer overflow
Integer signedness error in the SQLConnectW function in an ODBC API odbc32.dll in Microsoft Data Access Components MDAC 2.8 SP1 and SP2, and Windows Data Access Components WDAC 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name DSN and a crafted szDSN...
Microsoft Data Access Components - Remote Overflow (MS11-002)
Microsoft Data Access Components - Remote Overflow MS11-002 .body test // This code has been released under the Q Public License by Trolltech // http://en.wikipedia.org/wiki/QPublicLicense // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ var StartTime = new Date; var...
CVE-2011-0027
Microsoft Data Access Components MDAC 2.8 SP1 and SP2, and Windows Data Access Components WDAC 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer...
CVE-2011-0027
CVE-2011-0027 concerns Microsoft Data Access Components (MDAC) 2.8 SP1/SP2 and Windows Data Access Components (WDAC) 6.0, where memory allocation for internal data structures is not properly validated. According to MS11-002, a remote attacker could trigger a code execution by a user viewing a cra...
Microsoft Data Access Components Vulnerability
.body test // This code has been released under the Q Public License by Trolltech // http://en.wikipedia.org/wiki/QPublicLicense // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ var StartTime = new Date; var FinalHeapSpraySize = 900; //var SmallHoleSize = 0x1F0; var...
Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
This host is missing a critical security update according to Microsoft Bulletin MS11-002. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Data Access Components - Remote Overflow (MS11-002)
.body test // This code has been released under the Q Public License by Trolltech // http://en.wikipedia.org/wiki/QPublicLicense // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ var StartTime = new Date; var FinalHeapSpraySize = 900; //var SmallHoleSize = 0x1F0; var...
Microsoft Data Access Components CacheSize Memory Corruption (MS11-002; CVE-2011-0027)
Microsoft Data Access Components MDAC is a collection of components that make it easy for programs to access databases and then to manipulate the data within them. MDAC provides a consolidated set of functions for working with different kinds of data sources in a consistent manner The vulnerabili...
PT-2011-2023 · Microsoft · Data Access Components +1
Name of the Vulnerable Software and Affected Versions: Microsoft Data Access Components MDAC versions 2.8 SP1 through 2.8 SP2 Windows Data Access Components WDAC version 6.0 Description: The issue is related to an integer signedness error in the SQLConnectW function within the odbc32.dll of...
MS11-002: Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
The version of Microsoft Data Access Components MDAC installed on the remote Windows host is affected by two vulnerabilities, which could allow arbitrary code execution if a user views a specially crafted web page: - A buffer overflow in the Open Database Connectivity ODBC API used by third-party...
Microsoft Data Access Components Data Source Name Buffer Overflow Vulnerability
Description Microsoft Data Access Components MDAC are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will...
Microsoft Data Access Components DSN Overflow Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Data Access Components. The vulnerability is present in an API call and as such successful exploitation will depend on an application's implementation of this call. The specific flaw exists with...
MS11-002: Microsoft Data Access Components Vulnerability
Exploit for windows platform in category remote exploits .body test // This code has been released under the Q Public License by Trolltech // http://en.wikipedia.org/wiki/QPublicLicense // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ var StartTime = new Date; var...
VulnCheck KEV: CVE-2006-5559
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects ADODB.Connection.2.7 and ADODB.Connection.2.8 in the Microsoft Data Access Components MDAC 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows...
VulnCheck KEV: CVE-2006-0003
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects ADO and distributed in Microsoft Data Access Components MDAC 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors...
Microsoft Data Access Components ActiveX Data Objects Memory Corruption Vulnerability
Description Microsoft Data Access Components are prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...