Unrated severityNVD Advisory· Published Jan 12, 2011· Updated Apr 29, 2026

CVE-2011-0027

Description

Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.

Affected products

Microsoft/Data Access Components2 versions
cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*
Microsoft/Windows Data Access Components
cpe:2.3:a:microsoft:windows_data_access_components:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/42804nvdVendor Advisory
www.vupen.com/english/advisories/2011/0075nvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA11-011A.htmlnvdUS Government Resource
osvdb.org/70444nvd
support.avaya.com/css/P8/documents/100124846nvd
vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/nvd
www.securityfocus.com/bid/45698nvd
www.securitytracker.com/idnvd
www.zerodayinitiative.com/advisories/ZDI-11-002/nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-002nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12411nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.054
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000