CVE-2011-0026 Information

Description

Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument which bypasses a signed comparison and leads to a buffer overflow aka \DSN Overflow Vulnerability.\

Reference

http://osvdb.org/70443 http://secunia.com/advisories/42804 http://support.avaya.com/css/P8/documents/100124846 http://www.securityfocus.com/bid/45695 http://www.securitytracker.com/id?1024947 http://www.us-cert.gov/cas/techalerts/TA11-011A.html http://www.vupen.com/english/advisories/2011/0075 http://www.zerodayinitiative.com/advisories/ZDI-11-001/ https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-002 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12333