CVE-2011-0026
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD
Description
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.8 sp1 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows Xp | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.8 sp2 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows 2003 Server | All versions |
Microsoft Windows Server 2003 | All versions |
Microsoft Windows Xp | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows 7 | All versions |
Microsoft Windows Server 2008 | All versions |
Microsoft Windows Vista | All versions |
Related CWEs
References (20)
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.