Critical severity9.8NVD Advisory· Published Jul 10, 2012· Updated Apr 29, 2026

CVE-2012-1891

Description

Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."

Affected products

Microsoft/Data Access Components2 versions
cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*
Microsoft/Windows Data Access Components
cpe:2.3:a:microsoft:windows_data_access_components:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/cas/techalerts/TA12-192A.htmlnvdUS Government Resource
docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-045nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14783nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.047
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000