ID CVE-2011-0026
Summary Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
References
Vulnerable Configurations
  • Microsoft Data Access Components (MDAC) 2.8 Service Pack 1
    cpe:2.3:a:microsoft:data_access_components:2.8:sp1
  • Microsoft Windows XP
    cpe:2.3:o:microsoft:windows_xp
  • Microsoft Data Access Components (MDAC) 2.8 Service Pack 2
    cpe:2.3:a:microsoft:data_access_components:2.8:sp2
  • Microsoft Windows 2003 Server Service Pack 2
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows XP Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64
  • Microsoft Windows Data Access Components (WDAC) 6.0
    cpe:2.3:a:microsoft:windows_data_access_components:6.0
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • cpe:2.3:o:microsoft:windows_server_2008:-:itanium
    cpe:2.3:o:microsoft:windows_server_2008:-:itanium
  • cpe:2.3:o:microsoft:windows_server_2008:-:x32
    cpe:2.3:o:microsoft:windows_server_2008:-:x32
  • cpe:2.3:o:microsoft:windows_server_2008:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:-:x64
  • Windows Server 2008 Service Pack 2 for 32-bit systems
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x32
  • Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64
  • Microsoft Windows Server 2008 Service Pack 2 for Itanium-Based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium
  • Windows Server 2008 R2 for Itanium-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:r2:-:itanium
  • Windows Server 2008 R2 for 32-bit Systems
    cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64
  • Microsoft Windows Vista Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_vista:-:sp1
  • Microsoft Windows Vista Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp1:x64
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
CVSS
Base: 9.3 (as of 12-01-2011 - 11:33)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS11-002
bulletin_url
date 2011-01-11T00:00:00
impact Remote Code Execution
knowledgebase_id 2451910
knowledgebase_url
severity Critical
title Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS11-002.NASL
description The version of Microsoft Data Access Components (MDAC) installed on the remote Windows host is affected by two vulnerabilities, which could allow arbitrary code execution if a user views a specially crafted web page: - A buffer overflow in the Open Database Connectivity (ODBC) API used by third-party applications can be triggered by an overly long Data Source Name (DSN) argument. (CVE-2011-0026) - A failure of MDAC to correctly allocate memory when handling internal data structures in ActiveX Data Objects (ADO) records can be abused to execute arbitrary code. (CVE-2011-0027)
last seen 2019-02-21
modified 2018-11-15
plugin id 51455
published 2011-01-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=51455
title MS11-002: Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
oval via4
accepted 2015-08-10T04:00:11.197-04:00
class vulnerability
contributors
  • name Josh Turpin
    organization Symantec Corporation
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Data Access Components is installed
    oval oval:org.mitre.oval:def:29323
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
description Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
family windows
id oval:org.mitre.oval:def:12333
status accepted
submitted 2011-01-11T13:00:00
title DSN Overflow Vulnerability
version 31
refmap via4
bid 45695
cert TA11-011A
confirm http://support.avaya.com/css/P8/documents/100124846
misc http://www.zerodayinitiative.com/advisories/ZDI-11-001/
ms MS11-002
osvdb 70443
sectrack 1024947
secunia 42804
vupen ADV-2011-0075
Last major update 18-07-2011 - 22:42
Published 11-01-2011 - 20:00
Last modified 26-02-2019 - 09:04
Back to Top