Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
2002-08-12T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | microsoft | data_access_components | 1.5 | Yes |
| Application | microsoft | data_access_components | 2.0 | Yes |
| Application | microsoft | data_access_components | 2.1 | Yes |
| Application | microsoft | data_access_components | 2.1.1.3711.11 | Yes |
| Application | microsoft | data_access_components | 2.5 | Yes |
| Application | microsoft | data_access_components | 2.5 | Yes |
| Application | microsoft | data_access_components | 2.5 | Yes |
| Application | microsoft | data_access_components | 2.5 | Yes |
| Application | microsoft | data_access_components | 2.6 | Yes |
| Application | microsoft | data_access_components | 2.6 | Yes |
| Application | microsoft | data_access_components | 2.6 | Yes |
| Application | microsoft | data_access_components | 2.6 | Yes |
| Application | microsoft | data_access_components | 2.7 | Yes |
| Application | microsoft | data_access_components | 2.7 | Yes |
| Application | microsoft | data_access_components | 2.12.4202.3 | Yes |
| Application | microsoft | microsoft_data_access_components | 2.12.4292.3_ga_clean | Yes |