Microsoft IIS MDAC RDS Arbitrary Remote Command Execution

1999-07-19T00:00:00
ID OSVDB:272
Type osvdb
Reporter OSVDB
Modified 1999-07-19T00:00:00

Description

Vulnerability Description

Microsoft Data Access Components (MDAC) contains a flaw that allows a remote attacker to access/query OLE database sources and potentially execute arbitrary commands. Due to a flaw in the way RDS DataFactory object requests are handled, a remote attacker can execute privileged commands without authentication.

Solution Description

Upgrade to MDAC version 2.1 SP2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Delete the /msadc virtual directory in IIS

Short Description

Microsoft Data Access Components (MDAC) contains a flaw that allows a remote attacker to access/query OLE database sources and potentially execute arbitrary commands. Due to a flaw in the way RDS DataFactory object requests are handled, a remote attacker can execute privileged commands without authentication.

Manual Testing Notes

Checks for the presence of /msadc/msadcs.dll

References:

Vendor Specific Solution URL: http://www.microsoft.com/data/download.htm Snort Signature ID: 1023 Other Advisory URL: http://www.nipc.gov/warnings/advisories/1999/99-027.htm Other Advisory URL: http://xforce.iss.net/xforce/alerts/id/advise32 Other Advisory URL: http://www.wiretrip.net/rfp/txt/rfp9902.txt Microsoft Security Bulletin: MS99-025 Microsoft Security Bulletin: MS98-004 ISS X-Force ID: 1212 Generic Informational URL: http://support.microsoft.com/default.aspx?scid=kb;[LN];184375 Generic Informational URL: http://www.cert.org/incident_notes/IN-99-08.html CVE-1999-1011 CIAC Advisory: j-054 Bugtraq ID: 529