What is CVE-2012-1891?

CVE-2012-1891 is a critical-severity vulnerability in Microsoft Data_access_components, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2012-07-10.

How severe is CVE-2012-1891?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Microsoft Data_access_components

CVE-2012-1891

Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitial…

Vulnerability class: Buffer Overflow

EPSS: 0.590 (98.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Microsoft Data_access_components — versions 2.8
Microsoft Windows_7
Microsoft Windows_data_access_components — versions 6.0
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

References

TA12-192A (US Government Resource, x_refsource_CERT, third-party-advisory)
MS12-045 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:14783 (x_refsource_OVAL, signature, vdb-entry)

Frequently asked questions

What is CVE-2012-1891?: CVE-2012-1891 is a critical-severity vulnerability in Microsoft Data_access_components, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2012-07-10.
How severe is CVE-2012-1891?: Critical severity. CVSS v3 base score is 9.8 out of 10.