Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
2012-07-10T21:55:06.150
2025-04-11T00:51:21.963
Deferred
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | microsoft | data_access_components | 2.8 | Yes |
| Operating System | microsoft | windows_xp | * | No |
| Application | microsoft | data_access_components | 2.8 | Yes |
| Operating System | microsoft | windows_server_2003 | * | No |
| Operating System | microsoft | windows_xp | - | No |
| Application | microsoft | windows_data_access_components | 6.0 | Yes |
| Operating System | microsoft | windows_7 | * | No |
| Operating System | microsoft | windows_7 | * | No |
| Operating System | microsoft | windows_7 | * | No |
| Operating System | microsoft | windows_7 | * | No |
| Operating System | microsoft | windows_7 | - | No |
| Operating System | microsoft | windows_7 | - | No |
| Operating System | microsoft | windows_7 | - | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | r2 | No |
| Operating System | microsoft | windows_server_2008 | r2 | No |
| Operating System | microsoft | windows_vista | * | No |
| Operating System | microsoft | windows_vista | * | No |
| Operating System | microsoft | windows_vista | - | No |