Windows MDAC RDS.Dataspace ActiveX control vulnerability

2007-07-16T00:00:00
ID SAINT:D7F75EFDCAC463A90F06C660FBFD2D10
Type saint
Reporter SAINT Corporation
Modified 2007-07-16T00:00:00

Description

Added: 07/16/2007
CVE: CVE-2006-0003
BID: 17462
OSVDB: 24517

Background

Microsoft Data Access Components (MDAC) enable Universal Data Access in Windows applications deployed over a network.

Problem

A cross-zone scripting vulnerability in the RDS.Dataspace ActiveX control in MDAC allows command execution when a user loads a specially crafted web page.

Resolution

Apply the update referenced in Microsoft Security Bulletin 06-014.

References

<http://www.kb.cert.org/vuls/id/234812>

Limitations

On Windows 2000, MDAC must be installed.

Platforms

Windows