Vulnerability in Microsoft Data_access_components
CVE-2011-0026
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code v…
EPSS: 0.643 (98.5th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Data_access_components — versions 2.8
- Microsoft Windows_2003_server
- Microsoft Windows_7
- Microsoft Windows_data_access_components — versions 6.0
- Microsoft Windows_server_2003
- Microsoft Windows_server_2008 — versions r2
- Microsoft Windows_vista
- Microsoft Windows_xp
- N/a — versions n/a
Weakness classification (CWE)
References
- ADV-2011-0075 (vdb-entry, x_refsource_VUPEN)
- 45695 (vdb-entry, x_refsource_BID)
- MS11-002 (x_refsource_MS, vendor-advisory)
- 70443 (x_refsource_OSVDB, vdb-entry)
- 1024947 (vdb-entry, x_refsource_SECTRACK)
- oval:org.mitre.oval:def:12333 (x_refsource_OVAL, signature, vdb-entry)
- secure@microsoft.com (x_refsource_MISC)
- 42804 (x_refsource_SECUNIA, third-party-advisory)
- TA11-011A (US Government Resource, x_refsource_CERT, third-party-advisory)
- secure@microsoft.com (x_refsource_CONFIRM)