Title

Microsoft Data Access Components (MDAC) Remote Code Execution Vulnerability (Cat II impact)

Discussion

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft bulletin MS12-045 (2698365) Vulnerable Applications/Systems: Microsoft Data Access Components 2.8 Service Pack 1 Windows XP SP3 Microsoft Data Access Components 2.8 Service Pack 2 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86, x64 and Itanium) Windows Data Access Components 6.0 Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86, x64 and Itanium) Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64 and Itanium) Verify the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Msado15.dll Windows XP SP3 - 2.81.3014.0 Windows XP SP2 x64 - 2.82.5011.0 Windows 2003 SP2 - 2.82.5011.0 Windows Vista SP2 / 2008 SP2 - 6.0.6002.18644 or 22869 Windows 7 / 2008 R2 - 6.1.7600.17036 or 21227 Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17857 or 22012

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-33313

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.