Vulnerability Details CVE-2012-1891
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.596
EPSS Ranking 98.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 9.3
References
- http://www.us-cert.gov/cas/techalerts/TA12-192A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-045
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14783
- http://www.us-cert.gov/cas/techalerts/TA12-192A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-045
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14783
Products affected by CVE-2012-1891
-
cpe:2.3:a:microsoft:data_access_components:2.8
-
cpe:2.3:a:microsoft:windows_data_access_components:6.0
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_server_2003:-
-
cpe:2.3:o:microsoft:windows_server_2003:r2
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_vista:*
-
cpe:2.3:o:microsoft:windows_vista:-
-
cpe:2.3:o:microsoft:windows_xp:-
-
cpe:2.3:o:microsoft:windows_xp:unknown