Advertisement
Promo

Become a member of the ZDNet UK community

Resources Downloads

Download Now

Buffer Overrun in MDAC Function Could Allow Code Execution (832483) 1.0


 License Update
Requirements Windows 2000/XP/2003 Server, SQL Server 2000
Downloads 0 Limitations None
Publisher Microsoft File Size 0
Date added 13 Jan 2004 Check your speed

Report a broken link

Microsoft Data Access Components (MDAC) is a collection of components that provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. Because of a vulnerability in a specific MDAC component, an attacker could respond to this request with a specially-crafted packet that could cause a buffer overflow.

An attacker who successfully exploited this vulnerability could gain the same level of privileges over the system as the program that initiated the broadcast request. The actions an attacker could carry out would be dependent on the permissions under which the program using MDAC ran. If the program ran with limited privileges, an attacker would be limited accordingly; however, if the program ran under the local system context, the attacker would have the same level of permissions.

Since the original version of MDAC on your system may have changed from updates available on the Microsoft Web site, we recommend using the following tool to determine the version of MDAC you have on your system: Microsoft Knowledge Base article 301202 "HOW TO: Check for MDAC Version" discusses this tool and explains how to use it. Also, Microsoft Knowledge Base article 231943 discusses the release history of the different versions of MDAC.

Mitigating factors:

  • For an attack to be successful an attacker would have to simulate a SQL server that is on the same IP subnet as the target system.
  • When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. A target system must initiate such a broadcast request to be vulnerable to an attack. An attacker would have no way of launching this first step but would have to wait for anyone to enumerate computers that are running SQL Server on the same subnet. Also, a system is not vulnerable by having these SQL management tools installed.
  • Code executed on the client system would only run under the privileges of the client program that made the broadcast request.

    Download Now

    Did you find this download useful?
    0 out of 1 users found this download useful


Broadband Deals? Powered by Top 10 Broadband

150+ broadband packages

Compare 30+ mobile broadband deals

Mobile Broadband »

Download

Trend Micro Worry-Free Business Security Advanced

Trend Micro™ Worry-Free™ Business Security Advanced and Standard 6. #1 for Small Business Security

  • Downloads: 1,249
  • Requirements: Processor: Intel™ Pentium™ or AMD™. RAM: 256MB-1GB (operating system dependant). Disk space: 350MB. Web Browser: Microsoft™ Internet Explorer 6.0 or 7.0.
  • License:
  • Publisher:
  • Size: 0

Download Now

Google Chrome Special Report

All roads lead to Chrome

All roads lead to Chrome

Comment With its new browser, Google has finally taken its gaudy, chrome-plated, futuristic ray gun and pointed it straight at Microsoft's head

News Google to unveil open-source 'Chrome' browser

News Mozilla welcomes competition from Google's Chrome

More Special Reports


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters