Title: Microsoft Active Data Objects Buffer Overflow Vulnerability
Severity: HIGH
Description:
A reliable source has reported an exploitable buffer overflow condition in Microsoft Active Data Objects (ADO).
Microsoft ADO is an ActiveX object that handles data passed from the server to the web client. ADO supports any ODBC database and ships as part of MDAC (Microsoft Data Access Components).
This vulnerability may pose a risk for users of Microsoft Internet Explorer, but it is not present in the default configuration of the web browser. The issue is only present if the browser is configured to allow access to data sources across domains.
Under some circumstances, there may also be a risk for Microsoft IIS servers, where the server is being used to host content that may come from an untrusted source. The attacker must be able to upload an ASP page and execute it to exploit this issue in Microsoft IIS servers. If the attacker has the ability to do this, then many other avenues of attack exist.
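A defensive check for the browser condition described above, added here as an example and not part of the original advisory: this PowerShell reads the Internet Explorer security-zone registry keys and reports where cross-domain data source access is enabled. It assumes the advisory's condition corresponds to IE's "Access data sources across domains" zone setting (URL action 1406); the registry paths, zone numbers and value meanings are standard IE conventions, not details from the advisory.

```powershell
# Added example: audit the IE zone setting "Access data sources across domains".
# Assumption: this setting (URL action 1406) is the browser configuration the
# advisory refers to. Zone numbers and value meanings follow standard IE
# security-zone registry conventions.
$zones   = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
              3 = 'Internet';    4 = 'Restricted sites' }
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Per-user and per-machine settings, plus the Group Policy copies of each.
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

$results = foreach ($root in $roots) {
    foreach ($zone in ($zones.Keys | Sort-Object)) {
        $key = Join-Path $root "$zone"
        if (-not (Test-Path $key)) { continue }

        $value = (Get-ItemProperty -Path $key -Name '1406' -ErrorAction SilentlyContinue).'1406'
        if ($null -eq $value) { continue }   # setting not defined at this location

        $v = [int]$value
        [pscustomobject]@{
            Hive     = $root.Substring(0, 4)
            IsPolicy = $root -like '*\Policies\*'
            Zone     = $zones[$zone]
            Setting  = if ($meaning.ContainsKey($v)) { $meaning[$v] } else { "Unknown ($v)" }
            # 'Enable' matches the non-default condition the advisory describes.
            Enabled  = ($v -eq 0)
        }
    }
}

$results | Format-Table -AutoSize

# Highlight the zones that matter most for untrusted web content.
$risky = $results | Where-Object { $_.Enabled -and $_.Zone -in 'Internet', 'Restricted sites' }
if ($risky) {
    Write-Warning 'Cross-domain data source access is enabled for untrusted zones:'
    $risky | Format-Table -AutoSize
} else {
    Write-Output 'Cross-domain data source access is not enabled for the Internet or Restricted sites zones.'
}
```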
Affected Products:
- Microsoft MDAC 2.5.0RTM
- Microsoft MDAC 2.5.0SP1
- Microsoft MDAC 2.5.0SP2
- Microsoft MDAC 2.6.0RTM
- Microsoft MDAC 2.6.0SP1
- Microsoft MDAC 2.7.0RTM Refresh
References:
- Next Generation Security Software: Microsoft Active Data Objects Buffer Overflow