Article ID: 823718
Article Last Modified on 5/21/2007
APPLIES TO
- Microsoft Data Access Components 2.7 Service Pack 1
- Microsoft Data Access Components 2.7
- Microsoft Data Access Components 2.6 Service Pack 2
- Microsoft Data Access Components 2.5 Service Pack 3
- Microsoft Data Access Components 2.5 Service Pack 2
SUMMARY
Microsoft Data Access Components (MDAC) is a collection of components that is used to provide database connectivity on Microsoft Windows operating systems. MDAC is a ubiquitous technology, and it is likely to be present on most Windows systems.
By default, MDAC is included as part of Microsoft Windows XP, Microsoft Windows 2000, and Microsoft Windows Millennium Edition (Me). A number of other products and technologies also include or install MDAC. For example, the Microsoft Windows NT 4.0 Option Pack and Microsoft SQL Server 2000 both include MDAC, and some MDAC components are present as part of Microsoft Internet Explorer even if MDAC itself is not installed. MDAC is also available as a stand-alone technology. To download MDAC, visit the following Microsoft Web site:
Versions of MDAC earlier than 2.8 contain a flaw that results in a buffer overflow vulnerability. MDAC provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. When a client computer on a network tries to see a list of computers that are running Microsoft SQL Server and that are residing on the network, it sends a broadcast request to all the devices that are on the network. Because of a flaw in a specific MDAC component, an attacker can respond with a specially crafted packet that causes a buffer overflow to occur. The security patch that is described in this article resolves the buffer overflow vulnerability.
An attacker who successfully exploits this flaw can gain the same level of user rights over the system as the application that initiated the aforementioned broadcast request. This can include creating, modifying, or deleting data on the system; reconfiguring the system; reformatting the hard disk; or running programs of the attacker’s choice on the system.
The mitigating factors are as follows:
- For an attack to be successful, an attacker must simulate a computer that is running Microsoft SQL Server on the same subnet as the target system.
- Code that is executed on the client system would only run under the administrative credentials of the logged-on user.
- MDAC version 2.8 does not contain the flaw that this bulletin fixes. For additional information about MDAC 2.8, click the following article number to view the article in the Microsoft Knowledge Base:
820761 List of significant fixes that are included in MDAC 2.8
MORE INFORMATION
Download Information
The following file is available for download from the Microsoft Download Center:
Download the Microsoft Data Access Components (MDAC) Security Patch MS03-033 package now. Release Date: 20 August 2003
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Note This patch is not language-specific.
Prerequisites
You must be running one of the following versions of MDAC:
- MDAC 2.5 Service Pack 2
- MDAC 2.5 Service Pack 3
- MDAC 2.6 Service Pack 2
- MDAC 2.7 RTM
- MDAC 2.7 Service Pack 1
Older versions of MDAC are vulnerable but are not supported. You must upgrade to an MDAC version that is listed to apply this patch.
You can determine the version of MDAC you are running by checking the registry. The version information is found in the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\DataAccess\FullInstallVer
To check the registry, follow these steps:
- Click Start, and then click Run.
- In the Open text box, type regedit, and then click OK. This starts Registry Editor.
- In the navigation pane, locate the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\DataAccess
- In the details pane, locate FullInstallVer and Version inthe Name column. Each of these keys has corresponding version information in the Data column. Compare this information with the version information in the following table.
- When you are finished, click Exit on the Registry menu to close Registry Editor.
MDAC Version | FullInstallVer |
MDAC 2.5 RTM | 2.50.xxxx.x |
MDAC 2.5 SP1 | 2.51.xxxx.x |
MDAC 2.5 SP2 | 2.52.xxxx.x |
MDAC 2.5 SP3 | 2.53.xxxx.x |
MDAC 2.6 RTM | 2.60.xxxx.x |
MDAC 2.6 SP1 | 2.61.xxxx.x |
MDAC 2.6 SP2 | 2.62.xxxx.x |
MDAC 2.7 RTM | 2.70.xxxx.x |
MDAC 2.7 SP1 | 2.71.xxxx.x |
MDAC 2.8 RTM | 2.80.xxxx.x |
For additional information about how to determine your version of MDAC, click the following article number to view the article in the Microsoft Knowledge Base:
301202 How to check for MDAC version
Installation information
This security patch is installed through an installer program.
Note The installer program is in English only.
Installation options
This update supports the following Setup switches:
Switch Description ------------------------------------------------------------------------- /? Displays the list of installation switches /Q Quiet mode /T:<full path> Specifies the temporary working folder /C Extract files only to the folder when it is used with /T /C:<Cmd> Override Install Command that author defines /N No restart dialog box
For example, the following command-line command installs the update without any user intervention and suppresses a restart:
Q823718_MDAC_SecurityPatch /C:"dahotfix.exe /q /n" /q
The /q switch that is specified for dahotfix.exe is for a silent install, and the /n switch suppresses the restart.
Warning Your computer is vulnerable until you restart it.
Restart requirement
You must restart your computer after you apply this update.
Removal information
This security patch cannot be removed after it has been installed.
Security patch replacement information
This security patch replaces the security patch that is provided in Microsoft Security Bulletin MS02-040. For more information about Microsoft Security Bulletin MS02-040, visit the following Microsoft Web site:
For additional information about Microsoft Security Bulletin MS02-040, click the following article number to view the article in the Microsoft Knowledge Base:
326573 MS02-040: Unchecked buffer in OpenRowset updates
File Information
The English version of this security patch has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
MDAC 2.5 Service Pack 2
Date Time Version Size File name -------------------------------------------------------------- 23-Jul-2003 20:56 3.520.6100.40 212,992 Odbc32.dll 21-Jul-2003 22:24 3.70.11.40 24,848 Odbcbcp.dll 23-Jul-2003 02:29 3.520.6100.40 102,672 Odbccp32.dll 21-Jul-2003 22:24 3.70.11.40 524,560 Sqlsrv32.dll
MDAC 2.5 Service Pack 3
Date Time Version Size File name -------------------------------------------------------------- 24-Jul-2003 00:13 3.520.6300.40 212,992 Odbc32.dll 21-Jul-2003 22:24 3.70.11.40 24,848 Odbcbcp.dll 24-Jul-2003 00:11 3.520.6300.40 102,672 Odbccp32.dll 21-Jul-2003 22:24 3.70.11.40 524,560 Sqlsrv32.dll
MDAC 2.6 Service Pack 2
Date Time Version Size File name -------------------------------------------------------------- 21-Jul-2003 17:28 2000.80.746.0 86,588 Dbnetlib.dll 22-Jul-2003 22:04 3.520.7501.40 217,360 Odbc32.dll 21-Jul-2003 17:28 2000.80.746.0 29,252 Odbcbcp.dll 22-Jul-2003 22:04 3.520.7501.40 102,672 Odbccp32.dll 31-Jul-2003 23:07 2000.80.746.0 479,800 Sqloledb.dll 21-Jul-2003 17:28 2000.80.746.0 455,236 Sqlsrv32.dll
MDAC 2.7 RTM
Date Time Version Size File name -------------------------------------------------------------- 31-Jul-2003 17:49 2000.81.9001.40 61,440 Dbnetlib.dll 22-Jul-2003 23:04 3.520.9001.40 204,800 Odbc32.dll 22-Jul-2003 23:10 2000.81.9001.40 24,576 Odbcbcp.dll 22-Jul-2003 23:10 3.520.9001.40 94,208 Odbccp32.dll 31-Jul-2003 17:49 2000.81.9001.40 450,560 Sqloledb.dll 22-Jul-2003 23:08 2000.81.9001.40 356,352 Sqlsrv32.dll
MDAC 2.7 Service Pack 1
Date Time Version Size File name -------------------------------------------------------------- 22-Jul-2003 18:27 2000.81.9041.40 61,440 Dbnetlib.dll 22-Jul-2003 18:22 3.520.9041.40 204,800 Odbc32.dll 22-Jul-2003 18:28 2000.81.9041.40 24,576 Odbcbcp.dll 22-Jul-2003 18:28 3.520.9041.40 98,304 Odbccp32.dll 31-Jul-2003 18:47 2000.81.9041.40 471,040 Sqloledb.dll 22-Jul-2003 18:27 2000.81.9041.40 385,024 Sqlsrv32.dll
Verification
Make sure that you have the correct versions of the files that are listed in this article.
You can also verify the patch installation by checking for the existence of the following entries under the HKLM\Software\Microsoft\Updates
key and installed file versions. You should see the following entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\DataAccess\Q823718
REFERENCES
For additional information about this security patch, see Microsoft Security Bulletin MS03-033:
Keywords: kbsecvulnerability kbsecurity kbsecbulletin kbbug kbfix KB823718