CVE-2011-0026
Microsoft Data Access Components DSN Overflow Code Execution Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
Error en la propiedad signedness de enteros en la función SQLConnectW en una API de ODBC (odbc32.dll) en Microsoft Data Access Components (MDAC) versión 2.8 SP1 y SP2, y Windows Data Access Components (WDAC) versión 6.0, permite a los atacantes remotos ejecutar código arbitrario por medio de una cadena larga en el Nombre de Origen de Datos (DSN) y un argumento szDSN creado, que omite una comparación firmada y conduce a un desbordamiento del búfer, también se conoce como "DSN Overflow Vulnerability".
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Data Access Components. The vulnerability is present in an API call and as such successful exploitation will depend on an application's implementation of this call.
The specific flaw exists within the SQLConnectW call in the odbc32.dll component. When calculating the size of a user provided szDSN, the result of a call to lstrlenW is used in a signed comparison to SQL_MAX_DSN_LENGTH to verify the destination buffer size. This value is later used to copy user supplied data to a fixed length stack buffer. A malicious szDSN length could be used to exploit this signedness bug and execute arbitrary code.
*Credits:
AbdulAziz Hariri
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-12-10 CVE Reserved
- 2011-01-11 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/70443 | Vdb Entry | |
| http://secunia.com/advisories/42804 | Third Party Advisory | |
| http://support.avaya.com/css/P8/documents/100124846 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/45695 | Vdb Entry | |
| http://www.securitytracker.com/id?1024947 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA11-011A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0075 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-001 | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12333 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-002 | 2023-12-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 2.8 Search vendor "Microsoft" for product "Data Access Components" and version "2.8" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 2.8 Search vendor "Microsoft" for product "Data Access Components" and version "2.8" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 2.8 Search vendor "Microsoft" for product "Data Access Components" and version "2.8" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 2.8 Search vendor "Microsoft" for product "Data Access Components" and version "2.8" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | itanium |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | x32 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | sp2, x32 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | sp2, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2, itanium |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | itanium |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp2 |
Safe
|