Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1142

4 documents4 sources

Severity

7.5HIGH

EPSS

83.0%

top 0.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Data Access Components Microsoft IE Microsoft Internet Explorer

Timeline

PublishedNov 29

Latest updateApr 30

Description

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmicrosoft/data_access_components2.1, 2.5, 2.6+2

▶NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2

▶NVDmicrosoft/ie6.0

🔴Vulnerability Details

GHSA

GHSA-xcxr-qvgm-gqpg: Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2↗2022-04-30

▶

CVEList

CVE-2002-1142: Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2↗2004-09-01

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (MS02-065) (Metasploit)↗2012-06-08

▶