Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0027

CWE-20Improper Input Validation4 documents4 sources
Severity
9.3CRITICAL
EPSS
67.6%
top 1.42%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Data Access ComponentsMicrosoft Windows Data Access Components
Timeline
PublishedJan 12
Latest updateMay 3

Description

Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-3h23-qfr3-fm4r: Microsoft Data Access Components (MDAC) 22022-05-03
CVEList
CVE-2011-0027: Microsoft Data Access Components (MDAC) 22011-01-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft Data Access Components - Remote Overflow (MS11-002)2011-01-12
CVE-2011-0027 (CRITICAL CVSS 9.3) | Microsoft Data Access Components (M | cvebase.io