Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Data Access Components vulnerability could allow remote code execution


Report ID: MS201207003
Date Published: 16 July 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Data Access Components 2.8 SP1
Microsoft Data Access Components 2.8 SP2
Windows Data Access Components 6.0




Summary

A vulnerability in Microsoft Data Access Components (MDAC) could allow an attacker to execute arbitrary code in the context of a logged-on user.



Detailed Description

Microsoft has released a security update to address a vulnerability in Microsoft Data Access Components (MDAC). The vulnerability was caused by improper processing of XML code, resulting in the access of an uninitialized object in memory.

To fix this issue, a change in the way of handling objects in memory has been introduced through the update. Users are recommended to install this latest update to protect their system from potential exploit attempts.



CVE Reference

CVE-2012-1891



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-045)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.