ID CVE-2006-0003
Summary Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:data_access_components:2.7:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_access_components:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 19-10-2018 - 15:41)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2011-05-16T04:00:32.349-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Clifford Farrugia
      organization GFI Software
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1204
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title WinXP,SP2 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 13
  • accepted 2011-05-16T04:00:51.262-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Clifford Farrugia
      organization GFI Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1323
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title Server 2003 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 12
  • accepted 2011-05-16T04:01:10.821-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Clifford Farrugia
      organization GFI Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1511
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title WinXP,SP1 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 15
  • accepted 2011-05-16T04:01:42.674-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Clifford Farrugia
      organization GFI Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1742
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title Windows (S03,SP1/XP 64-bit) Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 15
  • accepted 2011-05-16T04:01:48.563-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Clifford Farrugia
      organization GFI Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1778
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title Microsoft Windows 2000 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 12
refmap via4
bid
  • 17462
  • 20797
bugtraq
  • 20070729 Exploit In Internet Explorer
  • 20070730 RE: Exploit In Internet Explorer
  • 20070730 Re: Exploit In Internet Explorer
  • 20070731 Re: Exploit In Internet Explorer
  • 20080128 Exploit in IE6,7
  • 20080128 Re: Exploit in IE6,7
cert TA06-101A
cert-vn VU#234812
confirm
exploit-db
  • 2052
  • 2164
misc http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
osvdb 24517
sectrack 1015894
secunia
  • 19583
  • 20719
vupen
  • ADV-2006-1319
  • ADV-2006-2452
xf
  • ie-wscriptshell-command-execution(29915)
  • mdac-rdsdataspace-execute-code(25006)
saint via4
bid 17462
description Windows MDAC RDS.Dataspace ActiveX control vulnerability
id win_patch_mdacrce
osvdb 24517
title mdac_rds_dataspace
type client
Last major update 19-10-2018 - 15:41
Published 12-04-2006 - 00:02
Last modified 19-10-2018 - 15:41
Back to Top