Security 10808 Published by

Microsoft has release a security update for the Microsoft Data Access Components



Software: Microsoft Data Access Components (MDAC) 2.1, Microsoft Data Access Components (MDAC) 2.5, Microsoft Data Access Components (MDAC) 2.6, Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 5.5, and Microsoft Internet Explorer 6.0
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS02-065

The vulnerability results because of an unchecked buffer in the Data Stub. By sending a specially malformed HTTP request to the Data Stub, an attacker could cause data of his or her choice to overrun onto the heap. Although heap overruns are typically more difficult to exploit than the more-common stack overrun, Microsoft has confirmed that in this case it would be possible to exploit the vulnerability to run code of the attacker's choice on the user's system.
Read more