Vulnerability CVE-2012-1891 - CERT Civis.Net

Vulnerability Name:

CVE-2012-1891 (CCN-76717)

Assigned:

2012-07-10

Published:

2012-07-10

Updated:

2020-09-28

Summary:

Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-1891

Source: CCN
Type: SA49743
Microsoft Windows Data Access Components Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS12-045
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)

Source: CCN
Type: BID-54308
Microsoft Data Access Components CVE-2012-1891 Buffer Overflow Vulnerability

Source: CERT
Type: US Government Resource
TA12-192A

Source: MS
Type: UNKNOWN
MS12-045

Source: XF
Type: UNKNOWN
mdac-xml-code-exec(76717)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14783

Source: CCN
Type: ZDI-12-158
Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Configuration 2:

cpe:/a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration 3:

cpe:/a:microsoft:windows_data_access_components:6.0:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_7:*:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:*:*:x86:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x64:*

OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x86:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp2:x86:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_7:-:-:*:*:ultimate_n:*:x64:*

OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:14783	V	ADO Cachesize Heap Overflow RCE Vulnerability - MS12-045	2015-08-10