Maximum severity rating: critical

A security vulnerability in Microsoft Windows-based systems could allow an attacker to gain complete control over an affected system, thereby gaining the ability to take any action that the legitimate user could take.

This could include creating, modifying or deleting data on the system, reconfiguring it, reformatting the hard drive, or running programs of the attacker’s choice on it. The vulnerability poses a risk both to web servers and web clients.

Anyone using Microsoft Windows 2000, Windows Me, Windows 98 SE, Windows 98, or Windows NT 4.0 is at risk and needs to download a patch from the Microsoft site to fix the problem. Windows XP, however, is not affected by this issue. At greatest risk are systems that operate Web sites using Microsoft Internet Information Services (IIS) and anyone who browses the Web using Microsoft Internet Explorer.

Specifically, the vulnerability concerns Microsoft Data Access Components (MDAC), a collection of components used to provide database connectivity on Windows platforms. MDAC is a ubiquitous technology and is present on most Windows systems.

MDAC provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. One of the MDAC components is Remote Data Services (RDS), and this is where the security vulnerability lies. Specifically, it is in a function called the RDS Data Stub, whose purpose is to parse incoming HTTP requests and generate RDS commands.

A security vulnerability resulting from an unchecked buffer in the Data Stub affects versions of MDAC prior to version 2.7 (the version that shipped with Windows XP). By sending a specially malformed HTTP request to the Data Stub, an attacker could cause data of his or her choice to overrun onto the heap. Although heap overruns are typically more difficult to exploit than the more-common stack overrun, Microsoft has confirmed that in this case it would be possible to exploit the vulnerability to run code of the attacker’s choice on the user’s system.
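The bug class described above, shown as an added illustration that is not taken from the article or from Microsoft's code: a hypothetical request parser that copies one field into a fixed-size heap buffer, first without a length check and then with one. The `name=value` request format, `FIELD_MAX` and both function names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 64 /* assumed capacity of the heap buffer holding one field */

/* Unchecked form (the bug class): the value after '=' is copied into a
 * FIELD_MAX-byte heap block with no length comparison, so a longer value
 * overwrites adjacent heap memory. Kept only for contrast. */
char *stub_parse_unchecked(const char *req)
{
    const char *eq = strchr(req, '=');
    if (eq == NULL) return NULL;
    char *buf = malloc(FIELD_MAX);
    if (buf == NULL) return NULL;
    strcpy(buf, eq + 1); /* BUG: writes strlen(value)+1 bytes into 64 */
    return buf;
}

/* Checked form: works on an explicit request length, measures the value
 * before allocating, and rejects oversized input instead of truncating. */
char *stub_parse_checked(const char *req, size_t req_len)
{
    const char *eq = memchr(req, '=', req_len);
    if (eq == NULL) return NULL;
    size_t val_len = req_len - (size_t)(eq - req) - 1;
    if (val_len >= FIELD_MAX) return NULL; /* needs room for the NUL */
    char *buf = malloc(val_len + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, eq + 1, val_len);
    buf[val_len] = '\0';
    return buf;
}

int main(void)
{
    char big[300]; /* constructed oversized request, not real RDS traffic */
    memset(big, 'A', sizeof big);
    memcpy(big, "cmd=", 4);

    char *ok = stub_parse_checked("cmd=select", 10);
    char *bad = stub_parse_checked(big, sizeof big);
    printf("normal request   -> %s\n", ok ? ok : "(rejected)");
    printf("300-byte request -> %s\n", bad ? bad : "(rejected)");
    free(ok);
    free(bad);
    return 0;
}
```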
