Lucene search

K
saintSAINT CorporationSAINT:65C7C3492128A0E16DE8AD3815487951
HistoryJul 16, 2007 - 12:00 a.m.

Windows MDAC RDS.Dataspace ActiveX control vulnerability

2007-07-1600:00:00
SAINT Corporation
download.saintcorporation.com
8

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%

Added: 07/16/2007
CVE: CVE-2006-0003
BID: 17462
OSVDB: 24517

Background

Microsoft Data Access Components (MDAC) enable Universal Data Access in Windows applications deployed over a network.

Problem

A cross-zone scripting vulnerability in the RDS.Dataspace ActiveX control in MDAC allows command execution when a user loads a specially crafted web page.

Resolution

Apply the update referenced in Microsoft Security Bulletin 06-014.

References

<http://www.kb.cert.org/vuls/id/234812&gt;

Limitations

On Windows 2000, MDAC must be installed.

Platforms

Windows

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%