• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft MDAC Function Broadcast Response Buffer Overrun Vulnerability

Microsoft has released an advisory reporting a buffer overrun vulnerability in an MDAC function. This issue is exposed when an application makes a broadcast request to query for SQL Servers on the network and malformed data is returned in the broadcast response.

Successful exploitation will allow for code execution in the context of the application using the vulnerable MDAC function. If the application is run with system-level privileges, this could completely compromise a vulnerable system. Exploitation attempts may also result in a denial of service in client applications.

Microsoft has reported that this would only result in a denial of service with MDAC 2.8.