Vulnerability CVE-2002-1142


Published: 2002-11-29   Modified: 2012-02-12

Description:
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

See advisories in our WLB2 database:
Topic
Author
Date
High
Microsoft (win2000) IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
patrick
08.06.2012

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Microsoft -> Data access components 
Microsoft -> IE 

 References:
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
http://www.cert.org/advisories/CA-2002-33.html
http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
http://www.kb.cert.org/vuls/id/542081
http://www.securityfocus.com/bid/6214
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065
https://exchange.xforce.ibmcloud.com/vulnerabilities/10659
https://exchange.xforce.ibmcloud.com/vulnerabilities/10669
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573

Copyright 2024, cxsecurity.com

 

Back to Top