Microsoft Data Access Components ActiveX Data Objects Memory Corruption Vulnerability

Microsoft Data Access Components are prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Successful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was originally reported at the 2010 CanSecWest conference as part of the Pwn2Own contest. It was also previously documented in BID 38951 (Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerabilities) but has been moved here to better document it.


Privacy Statement
Copyright 2010, SecurityFocus