CVE-2012-1891
CRITICAL
Microsoft Data Access Components 2.8 SP1-SP2 & Windows DAC 6.0 - RCE via Crafted XML
Title source: llm
Description
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
References (3)
Core References
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-192A.html
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-045
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14783
Scores
CVSS v3: 9.8
EPSS: 0.2941
EPSS Percentile: 97.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-119, CWE-908
Status: published
Products (2)
microsoft/data_access_components
2.8 sp1 (2 CPE variants)
microsoft/windows_data_access_components
6.0
Published: Jul 10, 2012
Tracked Since: Feb 18, 2026