Microsoft Security Bulletin MS02-065- Errors
From: todd (zondlo@radiks.net)
Date: 11/20/02
- Next message: John Elsbury: "Re: Web sites for checking ports"
- Previous message: Daniel Leisen: "Re: Cryptography - key signing"
- In reply to: Jerry Bryant [MS]: "Microsoft Security Bulletin MS02-065"
- Next in thread: Magnus: "Re: Microsoft Security Bulletin MS02-065- Errors"
- Reply: Magnus: "Re: Microsoft Security Bulletin MS02-065- Errors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "todd" <zondlo@radiks.net> Date: Wed, 20 Nov 2002 12:20:31 -0800
For those of you who are going to find that this will make
you web app fail. The uninstall method is to reinstall
MDAC
Failed System:
Using IIS 4
NT4 sp6a
MDAC 2.5sp2
MTS
SQL Server 7.0 sp4
URLScan 2.5
RDS over HTTP
Error: Recordset cannot be created from the specified
source. The source file or stream must contain Recordset
data in XML or ADTG format.
This error occurs in the dataservices layer (under MTS)
when called from an ASP page. However if I call MTS
procedures from and ActiveX control on the client side
using RDS over HTTP the calls do not fail.
The ASP code instantiates a business services object
(under MTS). Business services object calls a
dataservices object which queries the database using a
parameterized sp that returns a recordset. Recordset is
processed in ASP code. All the objects are instantied
using Server.CreateObject in VBScript. Business and Data
Service layers are written in VB6sp5.
>-----Original Message-----
>Title: Buffer Overrun in Microsoft Data Access Components
Could Lead to Code
>Execution (Q329414)
>Date: November 20, 2002
>Software:
>Microsoft Data Access Components (MDAC) 2.1
>Microsoft Data Access Components (MDAC) 2.5
>Microsoft Data Access Components (MDAC) 2.6
>Microsoft Internet Explorer 5.01
>Microsoft Internet Explorer 5.5
>Microsoft Internet Explorer 6.0
>Note: The vulnerability does not affect Windows XP,
despite the fact that it
>uses Internet Explorer 6.0. Windows XP customers do not
need to take any
>action.
>Impact: Run code of attacker's choice
>Maximum Severity Rating: Critical
>Bulletin: MS02-065
>
>The Microsoft Security Response Center has released
Microsoft Security
>Bulletin MS02-065
>
>What Is It?
>The Microsoft Security Response Center has released
Microsoft Security
>Bulletin MS02-065 which concerns a vulnerability in
Microsoft Data Access
>Components in the versions listed above. Customers are
advised to review
>the information in the bulletin and test and deploy the
patch in their
>environments, if applicable.
>
>More information is now available at
>http://www.microsoft.com/technet/security/bulletin/MS02-
065.asp
>
>If you have any questions regarding the patch or its
implementation after
>reading the above listed bulletin you should contact
Product Support
>Services in the United States at 1-866-PCSafety (1-866-
727-2338) or post in
>this newsgroup. International customers should contact
their local
>subsidiary.
>
>--
>Regards,
>
>Jerry Bryant - MCSE, MCDBA
>Microsoft IT Communities
>
>Get Secure! http://www.microsoft.com/security
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>.
>
- Next message: John Elsbury: "Re: Web sites for checking ports"
- Previous message: Daniel Leisen: "Re: Cryptography - key signing"
- In reply to: Jerry Bryant [MS]: "Microsoft Security Bulletin MS02-065"
- Next in thread: Magnus: "Re: Microsoft Security Bulletin MS02-065- Errors"
- Reply: Magnus: "Re: Microsoft Security Bulletin MS02-065- Errors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
