Overview:
Microsoft Data Access Components (MDAC) is a collection of components that provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. Because of a vulnerability in a specific MDAC component, an attacker could respond to this request with a specially-crafted packet that could cause a buffer overflow.

An attacker who successfully exploited this vulnerability could gain the same level of privileges over the system as the program that initiated the broadcast request. The actions an attacker could carry out would be dependent on the permissions under which the program using MDAC ran. If the program ran with limited privileges, an attacker would be limited accordingly; however, if the program ran under the local system context, the attacker would have the same level of permissions.

Since the original version of MDAC on your system may have changed from updates available on the Microsoft Web site, we recommend using the following tool to determine the version of MDAC you have on your system: Microsoft Knowledge Base article 301202 "HOW TO: Check for MDAC Version" discusses this tool and explains how to use it. Also, Microsoft Knowledge Base article 231943 discusses the release history of the different versions of MDAC.

Mitigating factors:

- For an attack to be successful an attacker would have to simulate a SQL server that is on the same IP subnet as the target system.
- When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. A target system must initiate such a broadcast request to be vulnerable to an attack. An attacker would have no way of launching this first step but would have to wait for anyone to enumerate computers that are running SQL Server on the same subnet. Also, a system is not vulnerable by having these SQL management tools installed.
- Code executed on the client system would only run under the privileges of the client program that made the broadcast request.
| Format: | Software |
| Date: | Jan 2004 |
| Version: | 1.0 |
| License: | Update |
| Platform: | Windows |
| System Req: | Windows 2000/XP/2003 Server, SQL Server 2000 |







