[Am-info] Microsoft Data Access Components Broadcast Reply Buffer Overflow

Fred Miller fmiller@lightlink.com
Tue, 13 Jan 2004 19:03:09 -0500


Microsoft Data Access Components Broadcast Reply Buffer Overflow

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

SOFTWARE:
Microsoft Data Access Components (MDAC) 2.x
Microsoft SQL Server 2000

DESCRIPTION:
Microsoft has reported a vulnerability in MDAC (Microsoft Data Access
Components), which potentially can be exploited by malicious people
to compromise a vulnerable system.

The problem is that the reply, which MDAC receives when it broadcasts
a request to identify all systems running SQL Server, isn't properly
verified.

This allows malicious people on the network to send a specially
crafted reply, which can cause a buffer overflow and possibly lead to
execution of arbitrary code on a system running MDAC or SQL Server.

The vulnerability affects MDAC 2.5, 2.6, 2.7, and 2.8.

MDAC is included in Windows XP, Windows 2000, and Windows 2003
Server.

Third party applications may also install MDAC.

SOLUTION:
Microsoft has issued patches.

MDAC 2.5, 2.6, 2.7, and 2.8:
http://www.microsoft.com/downloads/details.aspx?FamilyId=39472EE8-C14A-47B4-BFCC-87988E062D91&displaylang=en

MDAC 2.8 on Windows 2003 Server 64-Bit systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1D93D9E4-2B22-4595-B8C5-643824857EC0&displaylang=en

ORIGINAL ADVISORY:
Buffer Overrun in MDAC Function Could Allow Code Execution
http://www.microsoft.com/technet/security/bulletin/MS04-003.asp

-- 
"...Linux, MS-DOS, and Windows XP (also known as the Good, the Bad, and
the Ugly)."