cancel
Showing results for 
Search instead for 
Did you mean: 

Microsoft Data Access Objects Library 3.6 DLL Hijacking Vulnerability

Hi

I'm wondering what other security risk administrators do with vulnerability like this "Microsoft Data Access Objects Library 3.6 DLL Hijacking Vulnerability" .

There is no official patch for it, applications on server use DAO, so what to do? ignore or not
what is te best pratice or how to deal with vulnerabilities like this

thanks for answers

regards
Marek Kulczyk

1 Reply

Re: Microsoft Data Access Objects Library 3.6 DLL Hijacking Vulnerability

Hi kulczykm,

First the "Microsoft Data Access Objects Library 3.6 DLL Hijacking Vulnerability" CVE-2010-4182 was already covered by MVM please check this document: http://www.mcafee.com/us/resources/release-notes/foundstone/fsl_08_02_2011.pdf

Second, if you detected that vulnerability the best thing to do in my opinion is to use a preventive solution as an IPS. That's why I checked the my McAfee NSP solution and I looked for that vulnerability in the "all inclusive without audit" policy, I searched by CVE as reference, and ooohh surprise I didn't find any coverage.

Conclusion: in my opinion the best solution for a not patched vuln is use a preventive tool like an IPS. Now I'm wondering Why McAfee NSP has no coverage for that vuln...I feel a little bit worried now.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center