CVE-2012-1891: Buffer Overflow
First published: Tue Jul 10 2012(Updated: )
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Microsoft Data Access Components | =2.8-sp1 | |
| Microsoft Windows XP | =sp3 | |
| All of | ||
| Microsoft Data Access Components | =2.8-sp2 | |
| Any of | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| All of | ||
| Microsoft Data Access Components | =6.0 | |
| Any of | ||
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Data Access Components | =2.8-sp1 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Data Access Components | =2.8-sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Data Access Components | =6.0 | |
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-1891?
CVE-2012-1891 has a critical severity rating, as it allows remote attackers to execute arbitrary code.
How do I fix CVE-2012-1891?
To fix CVE-2012-1891, update Microsoft Data Access Components to the latest version recommended by Microsoft.
What systems are affected by CVE-2012-1891?
CVE-2012-1891 affects Microsoft Data Access Components 2.8 SP1, 2.8 SP2, and Windows Data Access Components 6.0.
Can CVE-2012-1891 be exploited remotely?
Yes, CVE-2012-1891 can be exploited remotely through crafted XML data.
What is the nature of the vulnerability in CVE-2012-1891?
CVE-2012-1891 is a heap-based buffer overflow vulnerability that can lead to remote code execution.
- agent/type
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft data access components
- version/microsoft data access components/2.8-sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp3
- version/microsoft data access components/2.8-sp2
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows xp/sp2
- version/microsoft data access components/6.0
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- version/microsoft windows server/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2