Flaw Leaves IE Open to Attack
Microsoft warns of serious security flaw that leaves any Windows PC running Internet Explorer vulnerable to attack.There is a serious security flaw in a technology included in many versions of Windows and Internet Explorer that enables an attacker to gain complete control of vulnerable Web servers or client machines. The flaw lies in the Microsoft Data Access Components, a collection of components used to provide database connectivity on Windows. The MDAC components are typically used to connect to remote databases or return data to a client machine. The buffer overrun vulnerability is in the Remote Data Services (RDS) Data Stub implementation, which parses incoming HTTP requests and creates RDS commands. By sending a specially formatted request to the Data Stub, an attacker could cause any code of choice to overflow onto the heap and execute, Microsoft Corp. said in its advisory, published Wednesday.
On client machines, this attack would either take the form of a malicious Web page hosted by the attacker or sent via HTML mail. To compromise a server, the attacker would only need to connect to the server and send the HTTP request.