11 matches found
CVE-2012-1891
CVE-2012-1891 is a heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1/SP2 and Windows Data Access Components (WDAC) 6.0 that allows remote code execution when processing crafted XML data, due to an access of an uninitialized object in memory (the issue commonly referenc...
CVE-2006-0003
CVE-2006-0003 is an MSMDAC/ActiveX vulnerability affecting the RDS.Dataspace ActiveX control in MDAC 2.7 and 2.8. The flaw allows remote code execution when a user is persuaded to view a malicious page, due to the control’s ability to create other ActiveX objects while bypassing the ActiveX safet...
CVE-1999-1011
CVE-1999-1011 affects the RDS DataFactory component of Microsoft MDAC used by IIS 3.x/4.x, enabling remote command execution via unsafe DataFactory methods in msadcs.dll. Public docs reference MS99-025 security bulletin and multiple advisories; exploit code and modules exist (e.g., Metasploit MSS...
CVE-2011-0027
CVE-2011-0027 concerns Microsoft Data Access Components (MDAC) 2.8 SP1/SP2 and Windows Data Access Components (WDAC) 6.0, where memory allocation for internal data structures is not properly validated. According to MS11-002, a remote attacker could trigger a code execution by a user viewing a cra...
CVE-2002-1142
CVE-2002-1142 is a heap-based buffer overflow in the MDAC RDS component caused by an unchecked buffer in the RDS Data Stub when handling malformed HTTP requests. Affected: MDAC versions 2.1–2.6 and Internet Explorer 5.01–6.0. Impact: remote code execution with the privileges of the service (e.g.,...
CVE-2011-0026
Summary: CVE-2011-0026 is a buffer overflow resulting from an integer signedness error in SQLConnectW in odbc32.dll, affecting Microsoft Data Access Components (MDAC) 2.8 SP1/SP2 and Windows Data Access Components (WDAC) 6.0. An attacker can trigger remote code execution by supplying a long DSN s...
CVE-2002-0695
CVE-2002-0695 describes a buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5–2.7, affecting SQL Server 7.0 or 2000. The underlying issue is a buffer overflow in the OpenRowSet path that could allow a remote attacker to execute arbitrary...
CVE-2003-0353
CVE-2003-0353 details a Unicode buffer overflow in the SQL-DMO component of Microsoft MDAC (versions 2.5–2.7) that can be exploited by a long UDP broadcast response on port 1434, enabling remote code execution. Affected packages include MDAC 2.5/2.6/2.7 with various SPs; fixes are described in MS...
CVE-2003-0903
CVE-2003-0903 corresponds to a buffer overflow in Microsoft Data Access Components (MDAC) 2.5–2.8. The vulnerability resides in a MDAC component that handles responses to SQL Server discovery broadcasts; a malicious UDP reply to a broadcast request can trigger a buffer overrun. Exploitation could...
CVE-2006-5559
The CVE-2006-5559 issue affects MDAC’s ADODB.Connection ActiveX control (versions 2.5 SP3, 2.7 SP1, 2.8, 2.8 SP1). The Execute/NextRecordset path can trigger memory corruption when the second argument is a BSTR, enabling remote code execution or an Internet Explorer crash via specially crafted in...
CVE-2002-1918
CVE-2002-1918 describes a buffer overflow in Microsoft Active Data Objects (ADO) within Microsoft MDAC versions 2.5–2.7. The description identifies the vulnerability as enabling remote attackers to cause impact with unknown scope and unknown attack vectors; no concrete impact, vector, or remediat...