(MS12-045) Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)

  Severity: CRITICAL
  CVE Identifier: CVE-2012-1891
  Advisory Date: JUL 11, 2012

  DESCRIPTION

This update resolves a vulnerability that exists in Microsoft Data Access Components. The vulnerability lies in the way that MDAC attempt to access improperly initialized objects in memory. When successfully exploited, attackers can remotely execute code on the affected system.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Data Access Components 2.8 Service Pack 1 (Windows XP Service Pack 3)
  • Microsoft Data Access Components 2.8 Service Pack 2 (Windows XP Professional x64 Edition Service Pack 2)
  • Microsoft Data Access Components 2.8 Service Pack 2 (Windows Server 2003 Service Pack 2)
  • Microsoft Data Access Components 2.8 Service Pack 2 (Windows Server 2003 x64 Edition Service Pack 2)
  • Microsoft Data Access Components 2.8 Service Pack 2 (Windows Server 2003 with SP2 for Itanium-based Systems)
  • Windows Data Access Components 6.0 (Windows Vista Service Pack 2)
  • Windows Data Access Components 6.0 (Windows Vista x64 Edition Service Pack 2)
  • Windows Data Access Components 6.0 (Windows Server 2008 for 32-bit Systems Service Pack 2)
  • Windows Data Access Components 6.0 (Windows Server 2008 for x64-based Systems Service Pack 2)
  • Windows Data Access Components 6.0 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
  • Windows Data Access Components 6.0 (Windows 7 for 32-bit Systems)
  • Windows Data Access Components 6.0 (Windows 7 for 32-bit Systems Service Pack 1)
  • Windows Data Access Components 6.0 (Windows 7 for x64-based Systems)
  • Windows Data Access Components 6.0 (Windows 7 for x64-based Systems Service Pack 1)
  • Windows Data Access Components 6.0 (Windows Server 2008 R2 for x64-based Systems)
  • Windows Data Access Components 6.0 (Windows Server 2008 R2 for x64-based Systems Service Pack 1)
  • Windows Data Access Components 6.0 (Windows Server 2008 R2 for Itanium-based Systems)
  • Windows Data Access Components 6.0 (Windows Server 2008 R2 for Itanium-based Systems Service Pack 1)