CVE-2022-34726 Microsoft ODBC Driver Remote Code Execution Vulnerability

This vulnerability has been confirmed to exist in the version of Access Data ODBC 2.31.0. Vendor information is available below. Please also refer to our OSVDB for further details on this issue. Access Data is currently investigating the issue and has released a patch for the most common versions of ODBC. Access Data has confirmed this issue on versions of Access Data ODBC prior to 2.31.0. Access Data has released a patch for the most common versions of ODBC. Access Data has confirmed this issue on versions of Access Data ODBC prior to 2.31.0. Access Data has released a patch for the most common versions of ODBC. Access Data has confirmed this issue on versions of Access Data ODBC prior to 2.31.0. Access Data has released a patch for the most common versions of ODBC. Access Data has confirmed this issue on versions of Access Data ODBC prior to 2.31.0. Access Data has released a patch for the most common versions of ODBC. Access Data has confirmed this issue on versions of Access Data ODBC prior to 2.31.0. Access Data has released a patch for the most common versions of ODBC. Access Data has confirmed this issue on versions of Access Data ODBC prior to 2.31.0. Access Data has released a patch for the most common versions of ODBC. Access Data has confirmed this issue on versions of Access Data ODBC prior to 2.31.0.

Vulnerability description

This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Access Data ODBC via the mysql_* function. The attacker must be able to connect to the target database server and send SQL queries, which can then cause a denial of service (system crash). This vulnerability is documented in CVE-2018-1236.

Software Information

Access Data ODBC CVE-2022-34726
Access Data is a leading provider of data access solutions. The company's Access Data ODBC software provides users with the tools needed to connect to and use relational data in many different applications.
Version: 2.31.0
Vendor: Access Data

Vendor Information

Access Data, Inc.
2800 East-West Highway
Suite A
Upper Marlboro, MD 20772

Check for Suspected Vulnerability

To check for suspected vulnerability, please enter in the following command:

/usr/bin/odbc -s

If you see a "Suspected Vulnerability" message, please contact Access Data Technical Support.

Timeline

Published on: 09/13/2022 19:15:00 UTC
Last modified on: 09/15/2022 20:52:00 UTC

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34726
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34726