NVD

Id
7164  
Name
CVE-2011-0026  
Description
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2011-01-11  
Modified Date
2011-07-18  
Seq
2011-0026  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
40154 7164 CVE-2011-0026 oval:org.mitre.oval:def:12333  View
40155 7164 CVE-2011-0026 http://support.avaya.com/css/P8/documents/100124846  View
40156 7164 CVE-2011-0026 MS11-002  View
40157 7164 CVE-2011-0026 45695  View
40158 7164 CVE-2011-0026 1024947  View
40159 7164 CVE-2011-0026 TA11-011A  View
40160 7164 CVE-2011-0026 ADV-2011-0075  View
40161 7164 CVE-2011-0026 http://www.zerodayinitiative.com/advisories/ZDI-11-001/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
30776 JVNDB-2011-001015 MDAC および WDAC の SQLConnectW 関数における整数符号エラーの脆弱性 Microsoft Data Access Components (MDAC) および Windows Data Access Components (WDAC) の ODBC API (odbc32.dll) 内にある SQLConnectW 関数には、整数符号エラーの脆弱性が存在します。 CVE-2011-0026 47933 CVE-2011-0026 7164 9.3 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001015.html 2011-01-11 2011-01-28 View