Vulnerability Description
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Data Access Components | 2.8 |
| Microsoft | Windows Xp | All versions |
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Data Access Components | 6.0 |
| Microsoft | Windows 7 | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | All versions |
Related Weaknesses (CWE)
References
- http://www.us-cert.gov/cas/techalerts/TA12-192A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-04
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.us-cert.gov/cas/techalerts/TA12-192A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-04
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2012-1891?
CVE-2012-1891 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML da...
How severe is CVE-2012-1891?
CVE-2012-1891 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2012-1891?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Data Access Components, Microsoft Windows Xp, Microsoft Windows Server 2003, Microsoft Windows Data Access Components, Microsoft Windows 7.