Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2012-1891 | First vendor Publication | 2012-07-10 |
Vendor | Cve | Last vendor Modification | 2023-12-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1891 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14783 | |||
Oval ID: | oval:org.mitre.oval:def:14783 | ||
Title: | ADO Cachesize Heap Overflow RCE Vulnerability - MS12-045 | ||
Description: | Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1891 | Version: | 11 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Data Access Components |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-11 | Name : Microsoft Windows Data Access Components Remote Code Execution Vulnerability... File : nvt/secpod_ms12-045.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-07-12 | IAVM : 2012-A-0107 - Microsoft Data Access Components (MDAC) Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0033313 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Microsoft Internet Explorer corrupted HROW instance write access violation at... RuleID : 37316 - Revision : 1 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer corrupted HROW instance write access violation at... RuleID : 23280 - Revision : 9 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-07-11 | Name : Arbitrary code can be executed on the remote host through Microsoft Data Acce... File : smb_nt_ms12-045.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-12-07 21:28:01 |
|
2020-09-28 17:22:44 |
|
2020-05-23 00:33:23 |
|
2019-05-09 12:04:33 |
|
2019-02-26 17:19:37 |
|
2018-10-31 00:20:18 |
|
2018-10-13 05:18:36 |
|
2018-09-20 12:09:37 |
|
2017-09-19 09:25:15 |
|
2016-09-30 01:03:37 |
|
2016-08-05 12:03:43 |
|
2016-06-28 21:56:51 |
|
2016-04-26 21:43:58 |
|
2014-02-17 11:09:28 |
|
2014-01-19 21:28:40 |
|
2013-11-11 12:39:52 |
|
2013-05-10 22:37:22 |
|
2013-03-07 13:19:48 |
|