Reported November 20, 2002, by Microsoft.

VERSIONS AFFECTED

· Microsoft Data Access Components (MDAC) 2.6, 2.5, and 2.1
· Microsoft Internet Explorer (IE) 6.0, 5.5, and 5.01

DESCRIPTION

This MDAC vulnerability can allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability stems from an unchecked buffer in the Remote Data Services (RDS) Data Stub. By sending a specially malformed HTTP request to the Data Stub, an attacker can cause targeted data to overrun onto the heap.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS02-065, "Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution" (Q329414), to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT

Discovered by Foundstone.