Make Homepage | Add To Favorites | Print Page | Submit News | Feedback | Contact | 

Your Technical Computer Information Resource!  

  Technical Updates @ TACKtech Corp.  

01.13.2004 - MS04-003: Buffer Overrun in MDAC Function Could Allow Code Execution (832483)

View Microsoft related news. Microsoft Data Access Components (MDAC) is a collection of components that provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. Because of a vulnerability in a specific MDAC component, an attacker could respond to this request with a specially-crafted packet that could cause a buffer overflow.

An attacker who successfully exploited this vulnerability could gain the same level of privileges over the system as the program that initiated the broadcast request. The actions an attacker could carry out would be dependent on the permissions under which the program using MDAC ran. If the program ran with limited privileges, an attacker would be limited accordingly; however, if the program ran under the local system context, the attacker would have the same level of permissions.

Since the original version of MDAC on your system may have changed from updates available on the Microsoft Web site, we recommend using the following tool to determine the version of MDAC you have on your system: Microsoft Knowledge Base article 301202 "HOW TO: Check for MDAC Version" discusses this tool and explains how to use it. Also, Microsoft Knowledge Base article 231943 discusses the release history of the different versions of MDAC.

- Download MDAC 2.5 (included with Microsoft Windows 2000) Patch
- Download MDAC 2.6 (included with Microsoft SQL Server 2000) Patch
- Download MDAC 2.7 (included with Microsoft Windows XP) Patch
- Download MDAC 2.8 (included with Microsoft Windows Server 2003) Patch
- Download MDAC 2.8 (included with Windows Server 2003 64-Bit Edition) Patch
- View Microsoft Security Bulletin MS04-003
- View Microsoft Knowledge Base Article - 832483
- Visit Microsoft Corporation

NID: 2061 / Submitted by: TACKtech Team
Categories: Microsoft, Patches and Updates
Most recent Microsoft related news.
MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126) - Version: 1.1
MS16-123 - Important: Security Update for Windows Kernel-Mode Drivers (3192892) - Version: 3.0
MS16-087 - Critical: Security Update for Windows Print Spooler Components (3170005) - Version: 2.0
MS16-095 - Critical: Cumulative Security Update for Internet Explorer (3177356) - Version: 3.0
MS16-039 - Critical: Security Update for Microsoft Graphics Component (3148522) - Version: 4.0
View archive of Microsoft related news.
  Popular Tech News  
  Most Viewed News  
  Top Affiliates