Reported August 20, 2003, by Microsoft.

 

VERSIONS AFFECTED

 

  • Microsoft Data Access Components (MDAC) 2.7, 2.6, and 2.5

 

DESCRIPTION

 

A new vulnerability in Microsoft Data Access Components (MDAC) can result in the compromise of a vulnerable computer. This vulnerability is the result of a flaw in a specific MDAC component that handles broadcast requests. By responding to a request with a specially crafted packet, an attacker can create a buffer overflow.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-033, "Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Aaron C. Newman of Application Security, Inc.