Lucene search

K
saintSAINT CorporationSAINT:65C7C3492128A0E16DE8AD3815487951
HistoryJul 16, 2007 - 12:00 a.m.

Windows MDAC RDS.Dataspace ActiveX control vulnerability

2007-07-1600:00:00
SAINT Corporation
download.saintcorporation.com
8

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%

Added: 07/16/2007
CVE: CVE-2006-0003
BID: 17462
OSVDB: 24517

Background

Microsoft Data Access Components (MDAC) enable Universal Data Access in Windows applications deployed over a network.

Problem

A cross-zone scripting vulnerability in the RDS.Dataspace ActiveX control in MDAC allows command execution when a user loads a specially crafted web page.

Resolution

Apply the update referenced in Microsoft Security Bulletin 06-014.

References

<http://www.kb.cert.org/vuls/id/234812&gt;

Limitations

On Windows 2000, MDAC must be installed.

Platforms

Windows

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%