NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 2004-q1

MinorRev: Microsoft Security Bulletin MS04-003 - Buffer Overrun in MDAC Function Could Allow Code Execution (832483)

From: Russ (Russ.CooperRC.ON.CA)
Date: Mon Feb 02 2004 - 12:46:44 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Reason for Revision:
V1.1 January 30, 2004: Updated the IPSEC policy in the Workarounds
section, updated the command line install string under the Deployment
Information section.

Microsoft Security Bulletin MS04-003:
Buffer Overrun in MDAC Function Could Allow Code Execution (832483)

Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS04-003.asp

Summary:
Version Number: V1.1
Revision Date: 01-30-2004
Impact of Vulnerability: Remote code execution
Maximum Severity Rating: Important
Patch(es) Replaced: This update replaces the one that is provided in
Microsoft Security Bulletin MS03-033.
Caveats: None
CVE Number(s): CAN-2003-0903

Tested Software:
Affected Software:
* Microsoft Data Access Components 2.5 (included with Microsoft Windows
2000)
* Microsoft Data Access Components 2.6 (included with Microsoft SQL
Server 2000)
* Microsoft Data Access Components 2.7 (included with Microsoft Windows
XP)
* Microsoft Data Access Components 2.8 (included with Microsoft Windows
Server 2003)

Note The same update applies to all these versions of MDAC
<http://www.ntbugtraq.com/link/39472EE8-C14A-47B4-BFCC-87988E062D91.asp>
* Microsoft Data Access Components 2.8 (included with Windows Server
2003 64-Bit Edition)
<http://www.ntbugtraq.com/link/1D93D9E4-2B22-4595-B8C5-643824857EC0.asp>

Software Not Affected:

This email is sent to NTBugtraq automagically as a service to my
subscribers. (v2.3)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

-----
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]