Critical Microsoft Vulnerability Announced
by Berislav Kucan - Thursday, 21 November 2002.
In the 65th Security Bulletin this year, Microsoft announced a critical vulnerability in Microsoft Data Access Components, a collection of components used to provide database connectivity on Windows platforms.

Microsoft's End User Bulletin notes that the following versions must be updated:
  • Windows NT 4.0, Windows 98, Windows Me, Windows 2000
  • Microsoft Data Access Components (MDAC) 2.1, 2.5, 2.6
  • Internet Explorer 5.01, 5.5, 6.0
MDAC is included by default in Windows ME, Windows XP and Windows 2000 (the vulnerability does not affect Windows XP, even though it uses Internet Explorer 6.0). It is also included with, or installed by, various other technologies and products; for example, some MDAC components are included in Internet Explorer and the Windows NT 4.0 Option Pack.


Microsoft noted a security vulnerability (Foundstone discovered the vulnerability - mirrored here) in the RDS (Remote Data Services) implementation, specifically in a function called the RDS Data Stub, whose purpose is to parse incoming HTTP requests and generate RDS commands. The issue can be exploited by sending a specially malformed HTTP request to the Data Stub, which could cause arbitrary data to overrun onto the heap. This can result in arbitrary code running on the vulnerable system.

Vulnerability risk factor

  • Web servers are at risk if a vulnerable version of MDAC is installed and running on the server. To exploit the vulnerability against such a web server, an attacker would need to establish a connection with the server and then send it a specially malformed HTTP request that would overrun the buffer with the attacker's chosen data. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context).
  • Web clients are at risk in almost every case, as the RDS Data Stub is included with all current versions of Internet Explorer and there is no option to disable it. To exploit the vulnerability against a client, an attacker would need to host a web page that, when opened, would send an HTTP reply to the user's system and overrun the buffer with the attacker's chosen data. The web page could be hosted on a web site or sent directly to users as HTML mail. The code would run in the security context of the user.


Patches and mitigation information are available in the Microsoft bulletin announcing this vulnerability: Microsoft Security Bulletin MS02-065.
