Reported November 20, 2002, by Microsoft.
Affected versions:
· Microsoft Data Access Components (MDAC) 2.6, 2.5, and 2.1
· Microsoft Internet Explorer (IE) 6.0, 5.5, and 5.01
This MDAC vulnerability can let an attacker execute arbitrary code on a vulnerable system. The vulnerability stems from an unchecked buffer in the Remote Data Services (RDS) Data Stub. By sending a specially malformed HTTP request to the Data Stub, an attacker can cause data of the attacker's choosing to overrun onto the heap.
Microsoft has released Security Bulletin MS02-065, "Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution" (Q329414), to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.
Discovered by Foundstone.