CVE-2003-0353 - Buffer Overflow vulnerability in Microsoft Data Access Components ODBC
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
Vulnerable Configurations
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS02-040.NASL |
description | The remote Microsoft Data Access Component (MDAC) server is vulnerable to a flaw that could allow an attacker to execute arbitrary code on this host, provided he can load and execute a database query on this server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11301 |
published | 2003-03-01 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11301 |
title | MS02-040 / MS03-033: Unchecked buffer in MDAC Function (326573 / 823718) |
Oval
id | oval:org.mitre.oval:def:1039 |
title | Microsoft Data Access Components SQL-DMO Buffer Overflow (Test 3) |
class | vulnerability |
family | windows |
status | deprecated |
version | 64 |
submitted | 2004-05-04T12:00:00.000-04:00 |
accepted | 2004-08-04T12:00:00.000-04:00 |
contributors | Christine Walzer (The MITRE Corporation); Josh Turpin (Symantec Corporation) |
description | Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. |

id | oval:org.mitre.oval:def:6954 |
title | Buffer overflow vulnerability in MDAC Function |
class | vulnerability |
family | windows |
status | accepted |
version | 71 |
submitted | 2010-04-30T14:00:00 |
accepted | 2010-06-14T04:00:27.316-04:00 |
contributors | Josh Turpin (Symantec Corporation) |
definition_extensions | Microsoft Windows 2000 is installed (oval:org.mitre.oval:def:85); Microsoft Windows XP is installed (oval:org.mitre.oval:def:105) |
description | Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. |

id | oval:org.mitre.oval:def:961 |
title | Microsoft Data Access Components SQL-DMO Buffer Overflow (Test 1) |
class | vulnerability |
family | windows |
status | deprecated |
version | 65 |
submitted | 2004-05-04T12:00:00.000-04:00 |
accepted | 2005-03-23T08:09:00.000-04:00 |
contributors | Christine Walzer (The MITRE Corporation); Josh Turpin (Symantec Corporation) |
description | Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. |

id | oval:org.mitre.oval:def:962 |
title | Microsoft Data Access Components SQL-DMO Buffer Overflow (Test 2) |
class | vulnerability |
family | windows |
status | deprecated |
version | 64 |
submitted | 2004-05-04T12:00:00.000-04:00 |
accepted | 2004-06-16T12:00:00.000-04:00 |
contributors | Christine Walzer (The MITRE Corporation); Josh Turpin (Symantec Corporation) |
description | Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. |
References
- http://marc.info/?l=bugtraq&m=106149556627778&w=2
- http://marc.info/?l=ntbugtraq&m=106251069107953&w=2
- http://www.securityfocus.com/bid/8455
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-033
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1039
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6954
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A961
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A962