Vulnerabilities > CVE-2006-0003 - Remote Code Execution vulnerability in Microsoft MDAC RDS.Dataspace ActiveX Control
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Exploit-Db
description MS Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014). CVE-2006-0003. Remote exploit for windows platform file exploits/windows/remote/2052.sh id EDB-ID:2052 last seen 2016-01-31 modified 2006-07-21 platform windows port published 2006-07-21 reporter redsand source https://www.exploit-db.com/download/2052/ title Microsoft Internet Explorer - MDAC Remote Code Execution Exploit MS06-014 type remote description Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014) (2). CVE-2006-0003. Remote exploit for windows platform file exploits/windows/remote/2164.pm id EDB-ID:2164 last seen 2016-01-31 modified 2006-08-10 platform windows port published 2006-08-10 reporter H D Moore source https://www.exploit-db.com/download/2164/ title Microsoft Internet Explorer - MDAC Remote Code Execution Exploit MS06-014 2 type remote description Internet Explorer COM CreateObject Code Execution. CVE-2006-0003,CVE-2006-4704. Remote exploit for windows platform id EDB-ID:16561 last seen 2016-02-02 modified 2010-09-20 published 2010-09-20 reporter metasploit source https://www.exploit-db.com/download/16561/ title Microsoft Internet Explorer - COM CreateObject Code Execution
Metasploit
| description | This module exploits a generic code execution vulnerability in Internet Explorer by abusing vulnerable ActiveX objects. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/IE_CREATEOBJECT |
| last seen | 2020-05-23 |
| modified | 2017-07-24 |
| published | 2009-07-22 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/ie_createobject.rb |
| title | MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS06-014.NASL |
| description | The remote Microsoft Data Access Component (MDAC) server is vulnerable to a flaw that could allow a local administrator to elevate his privileges to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21211 |
| published | 2006-04-11 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/21211 |
| title | MS06-014: Vulnerability in MDAC Could Allow Code Execution (911562) |
Oval
accepted 2011-05-16T04:00:32.349-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Clifford Farrugia organization GFI Software name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. family windows id oval:org.mitre.oval:def:1204 status accepted submitted 2006-04-12T12:55:00.000-04:00 title WinXP,SP2 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability version 13 accepted 2011-05-16T04:00:51.262-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Clifford Farrugia organization GFI Software name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. family windows id oval:org.mitre.oval:def:1323 status accepted submitted 2006-04-12T12:55:00.000-04:00 title Server 2003 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability version 12 accepted 2011-05-16T04:01:10.821-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Clifford Farrugia organization GFI Software name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. family windows id oval:org.mitre.oval:def:1511 status accepted submitted 2006-04-12T12:55:00.000-04:00 title WinXP,SP1 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability version 15 accepted 2011-05-16T04:01:42.674-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Clifford Farrugia organization GFI Software name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. family windows id oval:org.mitre.oval:def:1742 status accepted submitted 2006-04-12T12:55:00.000-04:00 title Windows (S03,SP1/XP 64-bit) Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability version 15 accepted 2011-05-16T04:01:48.563-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Anna Min organization BigFix, Inc name Clifford Farrugia organization GFI Software name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. family windows id oval:org.mitre.oval:def:1778 status accepted submitted 2006-04-12T12:55:00.000-04:00 title Microsoft Windows 2000 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability version 12
Saint
| bid | 17462 |
| description | Windows MDAC RDS.Dataspace ActiveX control vulnerability |
| id | win_patch_mdacrce |
| osvdb | 24517 |
| title | mdac_rds_dataspace |
| type | client |
References
- http://secunia.com/advisories/19583
- http://secunia.com/advisories/20719
- http://securitytracker.com/id?1015894
- http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html
- http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html
- http://www.kb.cert.org/vuls/id/234812
- http://www.osvdb.org/24517
- http://www.securityfocus.com/archive/1/475104/100/100/threaded
- http://www.securityfocus.com/archive/1/475108/100/100/threaded
- http://www.securityfocus.com/archive/1/475118/100/100/threaded
- http://www.securityfocus.com/archive/1/475490/100/100/threaded
- http://www.securityfocus.com/archive/1/487216/100/200/threaded
- http://www.securityfocus.com/archive/1/487219/100/200/threaded
- http://www.securityfocus.com/bid/17462
- http://www.securityfocus.com/bid/20797
- http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
- http://www.us-cert.gov/cas/techalerts/TA06-101A.html
- http://www.vupen.com/english/advisories/2006/1319
- http://www.vupen.com/english/advisories/2006/2452
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-014
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25006
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29915
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1204
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1323
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1511
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1742
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1778
- https://www.exploit-db.com/exploits/2052
- https://www.exploit-db.com/exploits/2164