ID CVE-2002-1142
Summary Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2008-05-05T04:00:18.440-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Clifford Farrugia
      organization GFI Software
    description Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
    family windows
    id oval:org.mitre.oval:def:2730
    status accepted
    submitted 2004-08-24T12:00:00.000-04:00
    title Microsoft Data Access Components 2.5 Remote Data Services Buffer Overflow
    version 9
  • accepted 2008-05-05T04:00:19.709-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Clifford Farrugia
      organization GFI Software
    description Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
    family windows
    id oval:org.mitre.oval:def:294
    status accepted
    submitted 2004-08-24T12:00:00.000-04:00
    title Microsoft Data Access Components 2.6 Remote Data Services Buffer Overflow
    version 9
  • accepted 2008-05-05T04:00:20.879-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Clifford Farrugia
      organization GFI Software
    description Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
    family windows
    id oval:org.mitre.oval:def:3573
    status accepted
    submitted 2004-08-24T12:00:00.000-04:00
    title Microsoft Data Access Components 2.1 Remote Data Services Buffer Overflow
    version 9
refmap via4
bid 6214
cert CA-2002-33
cert-vn VU#542081
misc http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
ms MS02-065
vulnwatch 20021120 Foundstone Advisory
xf
  • mdac-rds-client-bo(10669)
  • mdac-rds-server-bo(10659)
Last major update 12-10-2018 - 21:31
Published 29-11-2002 - 05:00
Back to Top