{"vuid":"VU#139150","idnumber":"139150","name":"Microsoft Data Access Components (MDAC) contains buffer overflow","keywords":["Microsoft Data Access Components (MDAC)","arbitrary code execution","buffer overflow","MS04-003"],"overview":"Microsoft Data Access Components (MDAC) contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a denial of service.","clean_desc":"From Microsoft Security Bulletin MS04-003: Microsoft Data Access Components (MDAC) is a collection of components that provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. MS04-003 notes that \"...MDAC is a ubiquitous technology\" that is installed as part of Windows 2000, Windows XP, and other Microsoft programs (e.g., Microsoft Access and Microsoft SQL Server). An  MDAC client sends a network broadcast to port 1434/udp to query for systems running Microsoft SQL Server. A buffer overflow vulnerability exists in an MDAC component that handles responses to such a query. The vulnerability could be triggered by a specially crafted response packet. An MDAC client is only vulnerable for some period of time after it issues a query.","impact":"A remote attacker could execute arbitrary code with the privileges of the process using MDAC. The attacker could also cause a denial of service.","resolution":"Apply patch\nApply the appropriate patch referenced in Microsoft Security Bulletin MS04-003.","workarounds":"Block or Restrict Access Block or restrict inbound access to port 1434/udp. Note that a firewall that performs stateful inspection may allow inbound responses after recording an outbound broadcast.","sysaffected":"","thanks":"Information used in this document came from Microsoft Security Bulletin \nMS04-003","author":"This document was written by Art Manion.","public":["http://www.microsoft.com/technet/security/bulletin/ms04-003.asp","http://support.microsoft.com/default.aspx?kbid=301202","http://support.microsoft.com/default.aspx?kbid=231943","http://support.microsoft.com/default.aspx?kbid=813878","http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnmdac/html/technologyfeatures.asp","http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnmdac/html/datechartoverview.asp","http://www.secunia.com/advisories/10616/","http://www.securityfocus.com/bid/9407"],"cveids":["CVE-2003-0903"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-01-13T20:57:16Z","publicdate":"2004-01-13T00:00:00Z","datefirstpublished":"2004-01-19T07:23:41Z","dateupdated":"2004-01-19T14:58:54Z","revision":28,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"14","cam_impact":"17","cam_easeofexploitation":"9","cam_attackeraccessrequired":"12","cam_scorecurrent":"10.6029","cam_scorecurrentwidelyknown":"13.01265","cam_scorecurrentwidelyknownexploited":"22.65165","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.6029,"vulnote":null}