Title

Microsoft Data Access Components Remote Code Execution Vulnerabilities (Cat II impact)

Discussion

Microsoft has reported multiple vulnerabilities affecting Microsoft Data Access Components (MDAC). Microsoft Data Access Components is a collection of components that make it easy for programs to access databases and then to manipulate the data within them. To exploit these vulnerabilities, an attacker would entice a user to access a malicious or compromised web site. If successfully exploited, these vulnerabilities would allow an attacker to execute arbitrary code and compromise the affected system. At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents. DSN Overflow Vulnerability - (CVE-2011-0026): A remote code execution vulnerability exists in the way that Microsoft Data Access Components validates third-party API usage. A buffer overflow exists in the Data Source Name (DSN) argument of an Open Database Connectivity (ODBC) API that may be used by third-party applications. This vulnerability could allow code execution if a user visited a specially crafted Web page. Note: There are no Microsoft applications that expose this vulnerability. However, third-party applications may allow access to Open Database Connectivity (ODBC) APIs from untrusted sources and thus expose this vulnerability remotely. ADO Record Memory Vulnerability - (CVE-2011-0027): A remote code execution vulnerability exists in the way that Microsoft Data Access Components validates memory allocation. MDAC does not correctly allocate memory when handling internal data structures. This vulnerability could allow code execution if a user visited a specially crafted Web page.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS11-002 (2451910). Vulnerable Applications/Systems: Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86, x64 and Itanium) Windows Vista SP1 and SP2 (x86 and x64) Windows Server 2008 and Windows Server 2008 SP2 (x86*, x64* and Itanium) Windows 7 (x86 and x64) Windows Server 2008 R2 (x64* and Itanium) *Server Core installation affected. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Msadco.dll MDAC 2.8 SP1 Windows XP SP3 2.81.3012.0 MDAC 2.8 SP2 Windows XP SP2 x64 2.82.4795.0 Windows 2003 SP2 2.82.4795.0 MDAC 6.0 Windows Vista SP1 / 2008 6.0.6001.18570 or 22821 Windows Vista SP2 / 2008 SP2 6.0.6002.18362 or 22555 Windows 7 and 2008 R2 Fixed by SP1 Windows 7 / 2008 R2 6.1.7600.16688 or 20818

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-25887

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.