Buffer Overrun in MDAC Function in Windows Could Allow Code Execution

Print page

RSS FEEDS

Latest Security articles

Latest Blog items

Latest News

Latest Support issues

Current Virus threats

[Software advisories]

14 January 2004

Microsoft has warned about a new vulnerability in some of its operating systems. This could allow remote code execution on affected computers.

This is a new vulnerability that involves a "buffer overrun" in MDAC (Microsoft Data Access Component). Several vulnerabilities in MDAC have been reported during latest years.

Microsoft’s severity rating is Important.

Microsoft has made a patch for this vulnerability (same patch for all systems affected) available in Microsofts Security Bulletin MS04-003.
The patch is also available from Windows’ automatic updating system.

The following systems are vulnerable:

Microsoft Windows 2000
Microsoft Windows SQL Server 2000
Microsoft Windows XP
Microsoft Windows Server 2003

At the time of this writing no known malicious software that exploits this new vulnerability has been observed.

Norman advices all users to download the patch Windows as soon as possible, to be protected from potential exploits.

Per Olav Førland