CVE-2002-1142

Microsoft MDAC <2.7 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/19026

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/ms02_065_msadc.rb

View Code ZIP pw:eip

References (11)

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html

[Third Party Advisory, US Government Resource] http://www.cert.org/advisories/CA-2002-33.html

[Various Sources] http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337

[US Government Resource] http://www.kb.cert.org/vuls/id/542081

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/10659

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/10669

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/6214

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065

Scores

EPSS 0.8304

EPSS Percentile 99.3%

Details

Status published

Products (7)

microsoft/data_access_components 2.1

microsoft/data_access_components 2.5

microsoft/data_access_components 2.6

microsoft/ie 6.0 sp1

microsoft/internet_explorer 5.0.1 (3 CPE variants)

microsoft/internet_explorer 5.5 (3 CPE variants)

microsoft/internet_explorer 6.0

Published Nov 29, 2002

Tracked Since Feb 18, 2026