Oval Definition:oval:org.mitre.oval:def:12411
Revision Date:2015-08-10Version:16
Title:ADO Record Memory Vulnerability
Description:Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-0027
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Data Access Components
Definition Synopsis
  • Microsoft Data Access Components is installed
  • AND
  • Microsoft Data Access Components 2.8 SP1 on Windows XP x86 SP3
  • Microsoft Windows XP (x86) SP3 is installed
  • AND Microsoft Data Access Components 2.8 (SP1) is installed
  • AND the version of msado15.dll is less than 2.81.3012.0
  • OR Microsoft Data Access Components 2.8 SP2 on Microsoft Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2
  • Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND Microsoft Data Access Components 2.8 SP2 is installed
  • AND the version of msado15.dll is less than 2.82.4795.0
  • OR Microsoft Data Access Components 6.0 on Microsoft Windows Vista x86/x64 SP1, Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft Data Access Components 6.0 is installed
  • AND GDR or LDR Service branch
  • the version of msado15.dll is less than 6.0.6001.18570
  • OR LDR
  • the version of msado15.dll is greater than or equal 6.0.6001.22000
  • AND the version of msado15.dll is less than 6.0.6001.22821
  • OR Microsoft Data Access Components 6.0 on Microsoft Windows Vista x86/x64 SP2, Server 2008 x86/x64/ia64 SP2
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND Microsoft Data Access Components 6.0 is installed
  • AND GDR or LDR Service branch
  • the version of msado15.dll is less than 6.0.6002.18362
  • OR LDR
  • the version of msado15.dll is greater than or equal 6.0.6002.22000
  • AND the version of msado15.dll is less than 6.0.6002.22555
  • OR Microsoft Data Access Components 6.0 or 6.1 on Microsoft Windows 7 x86/x64, Server 2008 R2 x64/ia64
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND MDAC 6.0 or MDAC 6.1
  • Microsoft Data Access Components 6.0 is installed
  • OR Microsoft Data Access Components 6.1 is installed
  • AND GDR or LDR Service branch
  • the version of msado15.dll is less than 6.1.7600.16688
  • OR LDR
  • the version of msado15.dll is greater than or equal 6.1.7600.20000
  • AND the version of msado15.dll is less than 6.1.7600.20818
  • BACK