Microsoft Windows Data Access Components contains heap overflow in Data Stubs when parsing a malformed HTTP request

Overview

A vulnerability in the Microsoft Data Access Components (MDAC) could lead to remote execution of code with the privileges of the current process, or user.

Description

Microsoft Data Access Components (MDAC) is a collection of utilities and routines to process requests between databases and network applications. A buffer overflow vulnerability exists in the Remote Data Services (RDS) component of MDAC.

The RDS component provides an intermediary step for a client’s request for service from a back-end database which enables the web site to apply business logic to the request.

According to Microsoft’s Security Bulletin MS02-065, a routine in the RDS component, specifically the RDS Data Stub function, contains an unchecked buffer. The RDS Data Stub function’s purpose is to parse incoming HTTP requests and generate RDS commands. This unchecked buffer could be exploited to cause a heap overflow.

Both web servers and client applications that rely on MDAC are affected. It is recommended that all users of Microsoft Windows 98, Windows 98 SE, Windows ME, Windows NT Windows 4.0, and Windows 2000 apply the patch (Q329414). Windows XP users are not affected as MDAC 2.7, the non-vulnerable version, is installed by default.

---

Impact

A remote attacker could execute arbitrary code with the privileges of the application that processed the request.

In the case of a web server, or other service, this is likely to be SYSTEM, or another account with elevated privileges.

In the case of a client application, or other service, this is the account used to view the web page.

---

Solution

Apply a patch from your vendor.

Microsoft has released a patch (Q329414) and Security Bulletin MS02-065 to address this issue. An end-user version of the document is available at http://www.microsoft.com/security/security_bulletins/ms02-065.asp.

Note that a vulnerable version of the control may be installed on a Windows system that never had the vulnerable control installed prior to the patch being applied. This is due to the fact that the vulnerable ActiveX control is signed by Microsoft and the patch does not set the kill bit for the MDAC control.

---

Vendor Information

542081

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Notified: November 20, 2002 Updated: November 20, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-065.asp&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23542081 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.microsoft.com/security/security_bulletins/ms02-065.asp&gt;
• <http://www.microsoft.com/technet/security/bulletin/MS02-065.asp&gt;
• <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnmdac/html/technologyfeatures.asp&gt;
• <http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337&gt;

Acknowledgements

This vulnerability was reported in an advisory by Foundstone and in MS02-065 by Microsoft.

This document was written by Jason A Rafail.

Other Information

CVE IDs:	CVE-2002-1142
CERT Advisory:	CA-2002-33 Severity Metric: