CVE-2012-1891
Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
Desbordamiento de búfer basado en memoria dinámica en Microsoft Data Access Components (MDAC) v2.8 SP1 y SP2 y Windows Data Access Components (WDAC) v6.0, permite a atacantes remotos ejecutar código arbitrario a través de datos XML manipulados que desencadenan el acceso a un objeto no inicializado en la memoria, también conocido como "ADO Cachesize Heap Overflow RCE Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the MSADO component. When handling the a user specified CacheSize property the process uses this value to calculate the 'real' cache size. This value is used without proper validation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. This bug is a failed fix for CVE-2011-0027 / http://www.zerodayinitiative.com/advisories/ZDI-11-002/
*Credits:
Anonymous
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-03-22 CVE Reserved
- 2012-07-10 CVE Published
- 2024-10-17 CVE Updated
- 2024-11-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-908: Use of Uninitialized Resource
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-192A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14783 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-045 | 2023-12-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 2.8 Search vendor "Microsoft" for product "Data Access Components" and version "2.8" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|
| Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 2.8 Search vendor "Microsoft" for product "Data Access Components" and version "2.8" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 2.8 Search vendor "Microsoft" for product "Data Access Components" and version "2.8" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | * | x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | * | x86 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | * | sp1, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | * | sp1, x86 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1, x86 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | sp2, itanium |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | sp2, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | sp2, x86 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | itanium |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp2, x86 |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Data Access Components Search vendor "Microsoft" for product "Windows Data Access Components" | 6.0 Search vendor "Microsoft" for product "Windows Data Access Components" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | - | sp2 |
Safe
|