Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microsoft
Published: 2011-01-12T00:00:00
Updated: 2018-10-12T19:57:01
Reserved: 2010-12-10T00:00:00
Link: CVE-2011-0026
JSON object: View
NVD Information
Status : Modified
Published: 2011-01-12T01:00:01.807
Modified: 2023-12-07T18:38:56.693
Link: CVE-2011-0026
JSON object: View
Redhat Information
No data.
CWE