New Search

DSN Overflow Vulnerability

oval:org.mitre.oval:def:12333

Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument which bypasses a signed comparison and leads to a buffer overflow aka "DSN Overflow Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 7
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2011-0026
Product(s):
  • Microsoft Data Access Components