CVE-2010-1117 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Data Access Components

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation5 documents3 sources

Severity

9.3CRITICALNVD

NVD7.6

EPSS

39.2%

top 2.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Data Access Components Microsoft Internet Explorer Microsoft Windows Data Access Components

Timeline

PublishedMar 25

Latest updateMay 3

Description

Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/internet_explorer8.0.6001

▶NVDmicrosoft/windows_data_access_components6.0

▶NVDmicrosoft/data_access_components2.8

🔴Vulnerability Details

GHSA

GHSA-3h23-qfr3-fm4r: Microsoft Data Access Components (MDAC) 2↗2022-05-03

▶

GHSA

GHSA-q2jw-4pf6-6hm6: Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Motorola Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit)↗2010-11-24

▶