Publisher's Description
From Microsoft:
Microsoft Data Access Components (MDAC) is a collection of components that provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. Because of a vulnerability in a specific MDAC component, an attacker could respond to this request with a specially-crafted packet that could cause a buffer overflow.
An attacker who successfully exploited this vulnerability could gain the same level of privileges over the system as the program that initiated the broadcast request. The actions an attacker could carry out would be dependent on the permissions under which the program using MDAC ran. If the program ran with limited privileges, an attacker would be limited accordingly; however, if the program ran under the local system context, the attacker would have the same level of permissions.
Since the original version of MDAC on your system may have changed from updates available on the Microsoft Web site, we recommend using the following tool to determine the version of MDAC you have on your system: Microsoft Knowledge Base article 301202 "HOW TO: Check for MDAC Version" discusses this tool and explains how to use it. Also, Microsoft Knowledge Base article 231943 discusses the release history of the different versions of MDAC.
Mitigating factors:
- For an attack to be successful an attacker would have to simulate a SQL server that is on the same IP subnet as the target system.
- When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. A target system must initiate such a broadcast request to be vulnerable to an attack. An attacker would have no way of launching this first step but would have to wait for anyone to enumerate computers that are running SQL Server on the same subnet. Also, a system is not vulnerable by having these SQL management tools installed.
- Code executed on the client system would only run under the privileges of the client program that made the broadcast request.




