Security Bulletin MS02-040: Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)
2002-08-03T00:00:00
ID SECURITYVULNS:DOC:3312 Type securityvulns Reporter Securityvulns Modified 2002-08-03T00:00:00
Description
Title: Unchecked Buffer in MDAC Function Could Enable SQL
Server Compromise (Q326573)
Date: 31 July 2002
Software: Microsoft Data Access Components
Impact: Run code of attacker's choice
Max Risk: Moderate
Bulletin: MS02-040
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-040.asp.
Issue:
The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.

An attacker who submitted a database query containing a specially malformed parameter within a call to OpenRowSet could overrun the buffer, either for the purpose of causing the SQL Server to fail or causing the SQL Server service to take actions dictated by the attacker.
Mitigating Factors:
 - In order to exploit the vulnerability, the attacker would need the ability to load and execute a database query on the server. This is strongly discouraged by best practices, and servers that have been configured to prevent this (e.g., through the use of the DisallowAdhocAccess registry setting, as discussed in the FAQ) would not be at risk from the vulnerability.
 - Under default conditions, the system-level privileges gained through a successful attack would be those of a Domain User.
 - Even though MDAC ships as part of all versions of Windows, the vulnerability can only be exploited on SQL Servers. Customers who are not using SQL Server do not need to take action, despite the fact that MDAC may be installed on their systems.
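
As an added example (not part of the bulletin and not Microsoft's code), one way to review captured query text for the ad hoc OpenRowSet use that the mitigating factors discourage, and to triage calls carrying unusually long string arguments. The 256-character threshold, the function names and the sample statements are assumptions constructed for illustration; the bulletin does not state a buffer size.

```python
import re

# Assumption: triage threshold for this example; the bulletin gives no length.
MAX_ARG_LEN = 256
# T-SQL string literal: '' is an escaped quote; tolerate a missing closing quote.
_LITERAL = re.compile(r"'(?:[^']|'')*(?:'|$)")
_CALL = re.compile(r"\bOPENROWSET\s*\(", re.IGNORECASE)


def _close_paren(masked, start):
    """Index of the ')' matching the '(' just before `start`, or -1."""
    depth = 1
    for i in range(start, len(masked)):
        depth += (masked[i] == "(") - (masked[i] == ")")
        if depth == 0:
            return i
    return -1


def audit(statements):
    """One finding per OPENROWSET call: (statement index, longest literal, verdict)."""
    findings = []
    for idx, sql in enumerate(statements):
        lits = [m.span() for m in _LITERAL.finditer(sql)]
        # Blank out literals (offsets preserved) so keywords and parentheses
        # inside strings are not mistaken for code.
        masked = _LITERAL.sub(lambda m: " " * len(m.group()), sql)
        for call in _CALL.finditer(masked):
            end = _close_paren(masked, call.end())
            stop = len(sql) if end < 0 else end
            # Length of each literal as written, quotes included.
            longest = max(
                (e - s for s, e in lits if call.end() <= s < stop), default=0
            )
            verdict = ("oversized-argument" if longest > MAX_ARG_LEN
                       else "unterminated-call" if end < 0
                       else "adhoc-access")
            findings.append((idx, longest, verdict))
    return findings


# Constructed sample statements (not taken from any real server log).
SAMPLE = [
    "SELECT name FROM sysobjects WHERE type = 'U'",
    "SELECT * FROM OPENROWSET('SQLOLEDB', 'Server=rpt01;Trusted_Connection=yes', 'SELECT 1')",
    "select * from openrowset('SQLOLEDB', '" + "A" * 4000 + "', 'SELECT 1')",
    "SELECT 'it''s only text mentioning OPENROWSET(' AS note",
    "SELECT * FROM OPENROWSET('SQLOLEDB', 'Server=rpt01'",
]
```

Every finding is worth a look on a server where ad hoc access is supposed to be disabled. SQL comments and quoted identifiers are not tokenized in this example.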
Risk Rating:
 - Internet systems: Moderate
 - Intranet systems: Moderate
 - Client systems: None
Patch Availability:
A patch is available to fix this vulnerability. Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02-040.asp
for information on obtaining this patch.
Acknowledgment:
David Litchfield of Next Generation Security Software Ltd.
(http://www.nextgenss.com/)
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.