CVE-2011-0027
Microsoft Data Access Components (MDAC) <2.8 SP1 & WDAC 6.0 - RCE
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-0027. PoCs published by Peter Vreugdenhil.
AI-analyzed exploit summary: This exploit targets a heap overflow vulnerability in Microsoft Data Access Components (MDAC) via crafted XML data islands. It manipulates recordset objects to achieve arbitrary code execution by spraying the heap and bypassing ASLR.
Description
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, do not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.