Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
07 Dec 2023, 18:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:* |
Information
Published : 2011-01-12 01:00
Updated : 2024-02-28 11:41
NVD link : CVE-2011-0027
Mitre link : CVE-2011-0027
CVE.ORG link : CVE-2011-0027
JSON object : View
Products Affected
microsoft
- windows_vista
- windows_7
- windows_data_access_components
- windows_xp
- data_access_components
- windows_2003_server
- windows_server_2003
- windows_server_2008
CWE
CWE-20
Improper Input Validation