Reported January 13, 2004, by Microsoft.

 

 

 

VERSIONS AFFECTED

 

·         Microsoft Data Access Components (MDAC) 2.8 (included with Windows Server 2003)

·         MDAC 2.7 (included with Windows XP)

·         MDAC 2.6 (included with SQL Server 2000)

·         MDAC 2.5 (included with Windows 2000)

 

DESCRIPTION

·         A buffer-overrun vulnerability in Microsoft Data Access Components can result in the execution of arbitrary code under the security context in which MDAC runs.

 

VENDOR RESPONSE

Microsoft has released security bulletin MS04-003, " Buffer Overrun in MDAC Function Could Allow Code Execution (832483)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

 

CREDIT

Discovered by Microsoft.