VULHUB ™

Microsoft Data Access Components (MDAC) provide support for accessing databases, including Microsoft SQL Server, and are included with all versions of Microsoft Windows. A vulnerability has been reported in some versions of MDAC. A buffer overflow vulnerability exists in one of the ODBC functions of MDAC allowing an attacker to run arbitrary code on a victim's machine through a web page containing malicious code. The vulnerability may also be exploited via the T-SQL OpenRowSet command. An attacker able to call this function with an oversized parameter may exploit this issue to crash the SQL Server process, or possibly to execute arbitrary code as the server process. Exploitation may lead to local access, elevated privileges, or access to the database.

Microsoft Data Access Components (MDAC) provide support for accessing databases, including Microsoft SQL Server, and are included with all versions of Microsoft Windows. A vulnerability has been reported in some versions of MDAC. A buffer overflow vulnerability exists in one of the ODBC functions of MDAC allowing an attacker to run arbitrary code on a victim's machine through a web page containing malicious code. The vulnerability may also be exploited via the T-SQL OpenRowSet command. An attacker able to call this function with an oversized parameter may exploit this issue to crash the SQL Server process, or possibly to execute arbitrary code as the server process. Exploitation may lead to local access, elevated privileges, or access to the database.