NetProwler 3.5.1 Security Update 21

November 27, 2002
NetProwler 3.5.1 Security Update 21

Description

NetProwler 3.5.1 SU21 includes detection of requests made to the RDS Data Stub component of Microsoft Data Access Components (MDAC). Successful exploitation of this vulnerability could result in an attacker's ability to execute arbitrary code on the machine. MDAC ships by default with all versions of Windows 2000 and IIS web server. You may obtain NetProwler 3.5.1 SU21 through the product's auto update feature.

Security Update 21 Signature

HTTP_MDAC_Component_Request:

Microsoft Data Access Components (MDAC) contains multiple buffer overflows in a Remote Data Services (RDS) component. The server side RDS component affected is called the RDS Data Stub, while the client side is called the Data Space control. The buffer overflows are related to the parsing of some header fields of MDAC requests performed by msadcs.dll.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1142

Last modified on: Wednesday, 27-Nov-02 20:31:05