Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA11-011A | First vendor Publication | 2011-01-11 |
Vendor | US-CERT | Last vendor Modification | 2011-01-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
There are multiple vulnerabilities in Microsoft Data Access Components and Windows Backup Manager. Microsoft has released updates to address these vulnerabilities. I. Description The Microsoft Security Bulletin Summary for January 2011 describes multiple vulnerabilities in Microsoft Data Access Components and Windows Backup Manager. Microsoft has released updates to address the vulnerabilities. II. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for January 2011. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA11-011A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12273 | |||
Oval ID: | oval:org.mitre.oval:def:12273 | ||
Title: | Backup Manager Insecure Library Loading Vulnerability | ||
Description: | Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3145 | Version: | 6 |
Platform(s): | Microsoft Windows Vista | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12333 | |||
Oval ID: | oval:org.mitre.oval:def:12333 | ||
Title: | DSN Overflow Vulnerability | ||
Description: | Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0026 | Version: | 13 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Data Access Components |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12411 | |||
Oval ID: | oval:org.mitre.oval:def:12411 | ||
Title: | ADO Record Memory Vulnerability | ||
Description: | Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0027 | Version: | 11 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Data Access Components |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 1 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-12 | Name : Windows Backup Manager Remote Code Execution Vulnerability (2478935) File : nvt/secpod_ms11-001.nasl |
2011-01-12 | Name : Microsoft Windows Data Access Components Remote Code Execution Vulnerabilitie... File : nvt/secpod_ms11-002.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70444 | Microsoft Data Access Components (MDAC / WDAC) MSADO Record CacheSize Handlin... Microsoft Data Access Components and Windows Data Access Components fail to properly validate memory allocation for internal data structures. This may allow a remote attacker to execute arbitrary code via a large CacheSize property that triggers an integer wrap and buffer overflow. |
70443 | Microsoft Data Access Components (MDAC / WDAC) ODBC API (odbc32.dll) SQLConne... Microsoft Data Access Components and Windows Data Access Components are prone to an overflow condition. The 'SQLConnectW' function fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted long string in the Data Source Name and a crafted szDSN argument, a remote attacker can potentially execute arbitrary code. |
67548 | Microsoft Vista BitLocker Drive Encryption Path Subversion Arbitrary DLL Inje... Microsoft Vista BitLocker Drive Encryption is prone to a flaw in the way it loads dynamic-link libraries (e.g., fveapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .wbcat file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-01-13 | IAVM : 2011-A-0004 - Microsoft Data Access Components Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0025887 |
2011-01-13 | IAVM : 2011-B-0007 - Microsoft Windows Backup Manager Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0025889 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-12-16 | Microsoft Internet Explorer style sheet array memory corruption attempt RuleID : 32532 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer oversize recordset object cache size exploit attempt RuleID : 18280 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows Vista Backup Tool request for fveapi.dll over SMB attempt RuleID : 18278 - Revision : 18 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt RuleID : 18277 - Revision : 17 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Data Access Components library attempt RuleID : 18276 - Revision : 11 - Type : FILE-OTHER |
2014-01-10 | Microsoft Internet Explorer style sheet array memory corruption attempt RuleID : 16659 - Revision : 17 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-11 | Name : The remote Windows host is affected by a code execution vulnerability in the ... File : smb_nt_ms11-001.nasl - Type : ACT_GATHER_INFO |
2011-01-11 | Name : Arbitrary code can be executed on the remote host through Microsoft Data Acce... File : smb_nt_ms11-002.nasl - Type : ACT_GATHER_INFO |