Lucene search

SAINT CorporationSAINT:BC1DB9AB9516112650D9CE49519F32F1

HistoryJul 16, 2007 - 12:00 a.m.

Windows MDAC RDS.Dataspace ActiveX control vulnerability

2007-07-1600:00:00

SAINT Corporation

my.saintcorporation.com

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.967

Percentile

99.7%

JSON

Added: 07/16/2007
CVE: CVE-2006-0003
BID: 17462
OSVDB: 24517

Background

Microsoft Data Access Components (MDAC) enable Universal Data Access in Windows applications deployed over a network.

Problem

A cross-zone scripting vulnerability in the RDS.Dataspace ActiveX control in MDAC allows command execution when a user loads a specially crafted web page.

Resolution

Apply the update referenced in Microsoft Security Bulletin 06-014.

References

<http://www.kb.cert.org/vuls/id/234812>

Limitations

On Windows 2000, MDAC must be installed.

Platforms

Windows

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.967

Percentile

99.7%

JSON

Related for SAINT:BC1DB9AB9516112650D9CE49519F32F1