CVE-2002-0695

Description

Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.

Affected products

• Microsoft / data_access_components1.5 – 1.5
• Microsoft / data_access_components2.0 – 2.0
• Microsoft / data_access_components2.1 – 2.1
• Microsoft / data_access_components2.1.1.3711.11 – 2.1.1.3711.11
• Microsoft / data_access_components2.5 – 2.5
• Microsoft / data_access_components2.5 – 2.5
• Microsoft / data_access_components2.5 – 2.5
• Microsoft / data_access_components2.5 – 2.5
• Microsoft / data_access_components2.6 – 2.6
• Microsoft / data_access_components2.6 – 2.6
• Microsoft / data_access_components2.6 – 2.6
• Microsoft / data_access_components2.6 – 2.6
• Microsoft / data_access_components2.7 – 2.7
• Microsoft / data_access_components2.7 – 2.7
• Microsoft / data_access_components2.12.4202.3 – 2.12.4202.3
• Microsoft / microsoft_data_access_components2.12.4292.3_ga_clean – 2.12.4292.3_ga_clean

References

• MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-040
• MISChttp://www.securityfocus.com/bid/5372
• MISChttp://www.iss.net/security_center/static/9734.php
• VENDOR_ADVISORYhttp://www.nextgenss.com/advisories/mssql-ors.txt