Oval Definition:oval:org.mitre.oval:def:12333
Revision Date:2015-08-10Version:18
Title:DSN Overflow Vulnerability
Description:Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-0026
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Data Access Components
Definition Synopsis
  • Microsoft Data Access Components is installed
  • AND
  • Microsoft Data Access Components 2.8 SP1 on Windows XP x86
  • Microsoft Windows XP (32-bit) is installed
  • AND Microsoft Data Access Components 2.8 (SP1) is installed
  • AND the version of msado15.dll is less than 2.81.3012.0
  • OR Microsoft Data Access Components 2.8 SP2 on Microsoft Windows XP x64, Server 2003 x86/x64/ia64
  • XP x64/server 2003 x86/x64/ia64
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND Microsoft Data Access Components 2.8 SP2 is installed
  • AND the version of msado15.dll is less than 2.82.4795.0
  • OR Microsoft Data Access Components 6.0 on Microsoft Windows Vista x86/x64, Server 2008 x86/x64/ia64
  • Vista x86/x64, Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft Data Access Components 6.0 is installed
  • AND GDR or LDR Service branch
  • the version of msado15.dll is less than 6.0.6001.18570
  • OR LDR
  • the version of msado15.dll is greater than or equal 6.0.6001.22000
  • AND the version of msado15.dll is less than 6.0.6001.22821
  • OR Microsoft Data Access Components 6.0 on Microsoft Windows Vista x86/x64, Server 2008 x86/x64/ia64
  • Vista x86/x64, Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft Data Access Components 6.0 is installed
  • AND GDR or LDR Service branch
  • the version of msado15.dll is less than 6.0.6002.18362
  • OR LDR
  • the version of msado15.dll is greater than or equal 6.0.6002.22000
  • AND the version of msado15.dll is less than 6.0.6002.22555
  • OR Microsoft Data Access Components 6.0 or 6.1 on Microsoft Windows 7 x86/x64, Server 2008 R2 x64/ia64
  • 7 x86/x64, Server 2008 R2 x64/ia64
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND MDAC 6.0 or MDAC 6.1
  • Microsoft Data Access Components 6.0 is installed
  • OR Microsoft Data Access Components 6.1 is installed
  • AND GDR or LDR Service branch
  • the version of msado15.dll is less than 6.1.7600.16688
  • OR LDR
  • the version of msado15.dll is greater than or equal 6.1.7600.20000
  • AND the version of msado15.dll is less than 6.1.7600.20818
    • BACK