CVE-2011-0026

CVE Database · CVE-2011-0026

CVE-2011-0026

· N/AModified

CVSS v3.1

N/A

EPSS

34.40%

Published

Jan 11, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."

Weaknesses (CWE)

CWE-189

Affected Products (18)

microsoft · data_access_componentsvulnerable

microsoft · windows_xp

microsoft · data_access_componentsvulnerable

microsoft · windows_2003_server

microsoft · windows_server_2003

microsoft · windows_xp

microsoft · windows_data_access_componentsvulnerable

microsoft · windows_7

microsoft · windows_server_2008