Info

Disclosure

Jan 13, 2004

Discovery

Jan 13, 2004

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Microsoft Data Access Components. The program fails to validate replies to a broadcast request resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to run on a vulnerable machine resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	MDAC	2.5
		2.6
		2.7
		2.8

References

Secunia Advisory ID: 10616
ISS X-Force ID: 14179
CVE ID: 2003-0903 (see also: NVD)
SCIP VulDB ID: 478
Vendor URL: http://support.microsoft.com/default.aspx?kbid=301202
Vendor Specific Advisory URL: http://www.hitachi-support.com/security_e/vuls_e/HS04-001_e/index-e.html
Vendor Specific Solution URL: http://www.microsoft.com/downloads/details.aspx?FamilyId=1D93D9E4-2B22-4595-B8C5-643824857EC0&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyId=39472EE8-C14A-47B4-BFCC-87988E062D91&displaylang=en
Microsoft Security Bulletin: MS04-003

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3457

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

MDAC

References

Credit