August 20, 2003
A buffer overflow vulnerability exists in Microsoft Data Access Components that may allow an attacker to run arbitrary code on a client machine. This vulnerability is exposed when a client, or a SQL Server implementing the SQL-DMO library, sends a broadcast request for Microsoft SQL Servers on a network. In response, an attacker could send malicious data to the querying system, causing a buffer overflow. This vulnerability could allow an attacker to gain access to confidential data and compromise the system.
- Microsoft MDAC 2.5
- Microsoft MDAC 2.5 RTM
- Microsoft MDAC 2.5 SP1
- Microsoft MDAC 2.5 SP2
- Microsoft MDAC 2.5 SP3
- Microsoft MDAC 2.6
- Microsoft MDAC 2.6 RTM
- Microsoft MDAC 2.6 SP1
- Microsoft MDAC 2.6 SP2
- Microsoft MDAC 2.6 SP2 Refresh
- Microsoft MDAC 2.7
- Microsoft MDAC 2.7 RTM Refresh
Block external access at the network boundary, unless external parties require service.
Restricting access to the network may prevent an attacker from listening to SQL requests from clients. If possible, ensure that trusted sources have access to the internal network.
Microsoft has released a patch in order to address this issue.
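The failure mode described above, a client copying data out of an unauthenticated reply to its own broadcast, is avoided when every sender-supplied length is checked against both the bytes actually received and the size of the destination. The following is an added example, not Microsoft's or Symantec's code. It assumes the reply framing given in Microsoft's MS-SQLR specification (type byte 0x05, 2-byte little-endian length, then data), which this advisory does not describe, and `parse_svr_resp`, `INFO_MAX` and the sample packets are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SVR_RESP 0x05   /* reply type byte (MS-SQLR framing, an assumption here) */
#define INFO_MAX 256    /* fixed-size destination, as a legacy client might use */

enum { PARSE_OK = 0, ERR_SHORT = -1, ERR_TYPE = -2, ERR_LENGTH = -3, ERR_TOO_BIG = -4 };

/* Copy RESP_DATA from one untrusted UDP reply into out[out_cap] as a C string.
 * Every length is checked against both the received size and the destination. */
int parse_svr_resp(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap)
{
    if (pkt == NULL || out == NULL || out_cap == 0)
        return ERR_SHORT;
    out[0] = '\0';                       /* never leave stale data on failure */
    if (pkt_len < 3)
        return ERR_SHORT;                /* no room for type + 2-byte length */
    if (pkt[0] != SVR_RESP)
        return ERR_TYPE;
    size_t claimed = (size_t)pkt[1] | ((size_t)pkt[2] << 8);  /* little-endian */
    if (claimed > pkt_len - 3)
        return ERR_LENGTH;               /* sender claims more than it sent */
    if (claimed >= out_cap)
        return ERR_TOO_BIG;              /* would not fit with the terminator */
    memcpy(out, pkt + 3, claimed);
    out[claimed] = '\0';
    return PARSE_OK;
}

/* Constructed samples, not captured traffic. */
static const uint8_t good[]  = "\x05\x0b\x00" "ServerName;";  /* length 11, 11 sent */
static const uint8_t lying[] = "\x05\xff\xff" "AAAA";         /* claims 65535, sends 4 */
static const uint8_t wrong[] = "\x04\x01\x00" "A";            /* not a server reply */
static char info[INFO_MAX];

int main(void)
{
    printf("good : %d \"%s\"\n", parse_svr_resp(good, sizeof good - 1, info, sizeof info), info);
    printf("lying: %d\n", parse_svr_resp(lying, sizeof lying - 1, info, sizeof info));
    printf("wrong: %d\n", parse_svr_resp(wrong, sizeof wrong - 1, info, sizeof info));
    printf("small: %d\n", parse_svr_resp(good, sizeof good - 1, info, 8));
    return 0;
}
```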
The discovery of this vulnerability has been credited to "Aaron C. Newman" <firstname.lastname@example.org>
© 1995- Symantec Corporation