Vulnerability Bulletins

int(2994)

Vulnerability Bulletins

Denegación de servicio en Microsoft Data Access Components
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Denegación de Servicio
Dificulty	Principiante
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	Microsoft
Affected software	Microsoft Data Access Components 2.5 Service Pack 3 / Microsoft Windows 2000 Service Pack 4 Microsoft Data Access Components 2.8 Service Pack 1 / Microsoft Windows XP Service Pack 2 Microsoft Data Access Components 2.8 / Microsoft Windows Server 2003 Microsoft Data Access Components 2.8 / Microsoft Windows Server 2003 / Itanium-based Systems Microsoft Data Access Components 2.7 Service Pack 1 / Microsoft Windows 2000 Service Pack 4 Microsoft Data Access Components 2.8 / Microsoft Windows 2000 Service Pack 4 Microsoft Data Access Components 2.8 Service Pack 1 / Microsoft Windows 2000 Service Pack 4
Description
Se ha descubierto una vulnerabilidad en Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, y en 2.8 SP1. La vulnerabilidad reside en un error en el método "Execute()" en ADODB.Connection 2.7 y en 2.8 en el control de objetos ActiveX (ADODB.Connection.2.7 y ADODB.Connection.2.8) debido a que no maneja correctamente la memoria cuando el segundo argumente es un BSTR. Un atacante remoto podría causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante ciertas cadenas de caracteres en el segundo y tercer argumento. Existe un exploit público disponible.
Solution
Actualización de software Microsoft Microsoft Data Access Components 2.5 Service Pack 3 / Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=EF163E3E-DD3B-4429-98A4-720DA2C96464 Microsoft Data Access Components 2.8 Service Pack 1 / Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=6B0CDB65-AEF4-489F-B917-812D9F7687BD Microsoft Data Access Components 2.8 / Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=34D24335-4EC0-49E7-9E3F-787F89DD7B1D Microsoft Data Access Components 2.8 / Microsoft Windows Server 2003 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=58322D1B-A1A8-4BA6-BA1B-6649013CC324 Microsoft Data Access Components 2.7 Service Pack 1 / Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=591B0967-C8AB-4B85-A9AF-C01E8D8E3ADC Microsoft Data Access Components 2.8 / Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=BC864245-175A-4B55-AB4A-FB5D0E03DCFC Microsoft Data Access Components 2.8 Service Pack 1 / Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=341859BF-8DAA-419B-88CD-E5E8EB4A5BAD
Standar resources
Property	Value
CVE	CVE-2006-5559
BID	20704
Other resources
Microsoft Security Bulletin MS07-009 http://www.microsoft.com/technet/security/bulletin/ms07-009.mspx

Version history
Version	Comments	Date
1.0	Aviso emitido	2007-02-15

Vulnerability Bulletins

Denegación de servicio en Microsoft Data Access Components

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history