Securityvulns SECURITYVULNS:DOC:3312
History: Aug 03, 2002 - 12:00 a.m.

Security Bulletin MS02-040: Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)


Title: Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)
Date: 31 July 2002
Software: Microsoft Data Access Components
Impact: Run code of attacker's choice
Max Risk: Moderate
Bulletin: MS02-040

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-040.asp.


Issue:

The Microsoft Data Access Components (MDAC) provide a number of
supporting technologies for accessing and using databases. Included
among these functions is the underlying support for the T-SQL
OpenRowSet command. A security vulnerability results because the MDAC
functions underlying OpenRowSet contain an unchecked buffer.

An attacker who submitted a database query containing a specially
malformed parameter within a call to OpenRowSet could overrun the
buffer, either for the purpose of causing the SQL Server to fail or
causing the SQL Server service to take actions dictated by the
attacker.

Mitigating Factors:

  • In order to exploit the vulnerability, the attacker would
    need the ability to load and execute a database query on the
    server. This is strongly discouraged by best practices, and
    servers that have been configured to prevent this (e.g., through
    the use of the DisallowAdhocAccess registry setting, as discussed
    in the FAQ) would not be at risk from the vulnerability.
  • Under default conditions, the system-level privileges gained
    through a successful attack would be those of a Domain User.
  • Even though MDAC ships as part of all versions of Windows,
    the vulnerability can only be exploited on SQL Servers. Customers
    who are not using SQL Server do not need to take action, despite
    the fact that MDAC may be installed on their systems.
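
The first mitigating factor depends on whether ad hoc OpenRowSet queries can reach the server at all. The following added example (not part of the bulletin) audits captured query text for OpenRowSet calls and flags unusually long string parameters. The one-query-per-line input, the sample queries and the 256-character review threshold are assumptions; the bulletin states no length.

```python
import re

OPENROWSET = re.compile(r"openrowset\s*\(", re.IGNORECASE)
MAX_LITERAL = 256  # assumed review threshold, not a value from the bulletin

def string_literals(sql, start):
    """Collect the quoted literals of the call whose '(' ends at `start`."""
    literals, depth, i, n = [], 1, start, len(sql)
    while i < n and depth:
        ch = sql[i]
        if ch == "'":
            j, buf = i + 1, []
            while j < n:
                if sql[j] == "'":
                    if sql[j + 1:j + 2] != "'":
                        break          # closing quote
                    j += 1             # '' is an escaped quote in T-SQL
                buf.append(sql[j])
                j += 1
            literals.append("".join(buf))
            i = j                      # resume after the closing quote
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        i += 1
    return literals

def audit(queries, max_literal=MAX_LITERAL):
    """Report every OpenRowSet call; mark those with an oversized literal."""
    findings = []
    for lineno, sql in enumerate(queries, 1):
        for m in OPENROWSET.finditer(sql):
            lits = string_literals(sql, m.end())
            longest = max((len(s) for s in lits), default=0)
            findings.append({"line": lineno,
                             "provider": lits[0] if lits else None,
                             "longest_literal": longest,
                             "oversized": longest > max_literal})
    return findings

# Constructed sample queries (not taken from any real log).
SAMPLE = [
    "SELECT name FROM customers WHERE id = 7",
    "SELECT a.* FROM OPENROWSET('SQLOLEDB', 'srv';'user';'pw', 'SELECT 1') AS a",
    "select * from openrowset('SQLOLEDB', '" + "A" * 600 + "', 'select 1')",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any finding at all means ad hoc OpenRowSet access is in use on that server; the `oversized` flag only prioritises which calls to review first.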

Risk Rating:

  • Internet systems: Moderate
  • Intranet systems: Moderate
  • Client systems: None

Patch Availability:

Acknowledgment:


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT APPLY.