Improper input validation in Microsoft Data_access_components
CVE-2011-0027
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, pos…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.676 (98.6th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Data_access_components — versions 2.8
- Microsoft Windows_2003_server
- Microsoft Windows_7
- Microsoft Windows_data_access_components — versions 6.0
- Microsoft Windows_server_2003
- Microsoft Windows_server_2008 — versions r2
- Microsoft Windows_vista
- Microsoft Windows_xp
- N/a — versions n/a
Weakness classification (CWE)
References
- ADV-2011-0075 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- 70444 (x_refsource_OSVDB, vdb-entry)
- MS11-002 (x_refsource_MS, vendor-advisory)
- 1024947 (vdb-entry, x_refsource_SECTRACK)
- secure@microsoft.com (x_refsource_MISC)
- oval:org.mitre.oval:def:12411 (x_refsource_OVAL, signature, vdb-entry)
- 42804 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 45698 (vdb-entry, x_refsource_BID)
- TA11-011A (US Government Resource, x_refsource_CERT, third-party-advisory)
- secure@microsoft.com (x_refsource_MISC)