Lucene search

MicrosoftCVE-2011-0026

HistoryJan 12, 2011 - 1:00 a.m.

CVE-2011-0026

2011-01-1201:00:01

CWE-189

microsoft

web.nvd.nist.gov

cve

sqlconnectw

odbc

mdac

wdac

buffer overflow

vulnerability

dsn overflow

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.892

Percentile

98.8%

JSON

Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka “DSN Overflow Vulnerability.”

Affected configurations

Nvd

Node

microsoftdata_access_componentsMatch2.8sp1

AND

microsoftwindows_xp

Node

microsoftdata_access_componentsMatch2.8sp2

AND

microsoftwindows_2003_serversp2

microsoftwindows_server_2003sp2

microsoftwindows_xpMatch-sp2x64

Node

microsoftwindows_data_access_componentsMatch6.0

AND

microsoftwindows_7Match-

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_server_2008Matchr2itanium

microsoftwindows_server_2008Matchr2x64

microsoftwindows_vistasp1

microsoftwindows_vistasp2

VendorProductVersionCPE
microsoftdata_access_components2.8cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
microsoftdata_access_components2.8cpe:2.3:a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
microsoftwindows_data_access_components6.0cpe:2.3:a:microsoft:windows_data_access_components:6.0:*:*:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	data_access_components	2.8	cpe:2.3:a:microsoft:data_access_components:2.8:sp1::::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::::::::
microsoft	data_access_components	2.8	cpe:2.3:a:microsoft:data_access_components:2.8:sp2::::::
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_xp	-	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
microsoft	windows_data_access_components	6.0	cpe:2.3:a:microsoft:windows_data_access_components:6.0:::::::*
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:::::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*