Heap-based Buffer Overflow in Microsoft Data Access Components
CVE-2012-1891

Currently unrated

Key Information:

Vendor: Microsoft
Status: Data Access Components
Vendor: CVE Published:; 10 July 2012

Summary

A heap-based buffer overflow vulnerability exists in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, as well as Windows Data Access Components (WDAC) 6.0. This flaw allows remote attackers to execute arbitrary code on affected systems through carefully crafted XML data that improperly triggers access to an uninitialized object in memory. If exploited, this vulnerability could compromise the integrity and security of affected systems, requiring immediate attention and mitigation.

References

http://www.us-cert.gov/cas/techalerts/TA12-192A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 10, 2012
Vulnerability Reserved
Mar 22, 2012