Vulnerability CVE-2002-1142

Vulnerability Name:

CVE-2002-1142 (CCN-10659)

Assigned:

2002-11-20

Published:

2002-11-20

Updated:

2021-07-23

Summary:

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*

OR cpe:/a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*

OR cpe:/a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*

OR cpe:/a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*

OR cpe:/a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2002-1142 (CCN-10669)

Assigned:

2002-11-20

Published:

2002-11-20

Updated:

2018-10-12

Summary:

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Internet Security Systems Security Alert, November 21, 2002
Microsoft MDAC Remote Compromise Vulnerability

Source: MITRE
Type: CNA
CVE-2002-1142

Source: CCN
Type: CERT Advisory CA-2002-33
Heap Overflow Vulnerability in Microsoft Data Access Components (MDAC)

Source: CCN
Type: CIAC Information Bulletin N-016
Buffer Overrun in Microsoft Data Access Components (MDAC)

Source: CCN
Type: Foundstone Research Labs Advisory - 112002 - MDAC
Remotely Exploitable Buffer Overflow in Microsoft MDAC

Source: CCN
Type: US-CERT VU#542081
Microsoft Windows Data Access Components contains heap overflow in Data Stubs when parsing a malformed HTTP request

Source: CCN
Type: Microsoft Corporation Web site
What You Should Know About Microsoft Security Bulletin MS02-065

Source: CCN
Type: Microsoft Security Bulletin MS02-065
Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)

Source: CCN
Type: BID-6214
Microsoft Data Access Components RDS Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
mdac-rds-client-bo(10669)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database
MS02-065 Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*

OR cpe:/a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*

OR cpe:/a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:294	V	Microsoft Data Access Components 2.6 Remote Data Services Buffer Overflow	2008-05-05
oval:org.mitre.oval:def:2730	V	Microsoft Data Access Components 2.5 Remote Data Services Buffer Overflow	2008-05-05
oval:org.mitre.oval:def:3573	V	Microsoft Data Access Components 2.1 Remote Data Services Buffer Overflow	2008-05-05

BACK