ID CVE-2006-0003
Summary Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
References
Vulnerable Configurations
  • Microsoft data_access_components 2.5 sp3
    cpe:2.3:a:microsoft:data_access_components:2.5:sp3
  • Microsoft data_access_components 2.7
    cpe:2.3:a:microsoft:data_access_components:2.7
  • Microsoft data_access_components 2.7 sp1
    cpe:2.3:a:microsoft:data_access_components:2.7:sp1
  • Microsoft data_access_components 2.8
    cpe:2.3:a:microsoft:data_access_components:2.8
  • Microsoft Data Access Components (MDAC) 2.8 Service Pack 1
    cpe:2.3:a:microsoft:data_access_components:2.8:sp1
  • Microsoft Data Access Components (MDAC) 2.8 Service Pack 2
    cpe:2.3:a:microsoft:data_access_components:2.8:sp2
CVSS
Base: 5.1 (as of 12-04-2006 - 14:06)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description MS Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014). CVE-2006-0003. Remote exploit for windows platform
    file exploits/windows/remote/2052.sh
    id EDB-ID:2052
    last seen 2016-01-31
    modified 2006-07-21
    platform windows
    port
    published 2006-07-21
    reporter redsand
    source https://www.exploit-db.com/download/2052/
    title Microsoft Internet Explorer - MDAC Remote Code Execution Exploit MS06-014
    type remote
  • description Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014) (2). CVE-2006-0003. Remote exploit for windows platform
    file exploits/windows/remote/2164.pm
    id EDB-ID:2164
    last seen 2016-01-31
    modified 2006-08-10
    platform windows
    port
    published 2006-08-10
    reporter H D Moore
    source https://www.exploit-db.com/download/2164/
    title Microsoft Internet Explorer - MDAC Remote Code Execution Exploit MS06-014 2
    type remote
  • description Internet Explorer COM CreateObject Code Execution. CVE-2006-0003,CVE-2006-4704. Remote exploit for windows platform
    id EDB-ID:16561
    last seen 2016-02-02
    modified 2010-09-20
    published 2010-09-20
    reporter metasploit
    source https://www.exploit-db.com/download/16561/
    title Microsoft Internet Explorer - COM CreateObject Code Execution
metasploit via4
description This module exploits a generic code execution vulnerability in Internet Explorer by abusing vulnerable ActiveX objects.
id MSF:EXPLOIT/WINDOWS/BROWSER/IE_CREATEOBJECT
last seen 2019-03-22
modified 2017-07-24
published 2009-07-22
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_createobject.rb
title MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS06-014.NASL
description The remote Microsoft Data Access Component (MDAC) server is vulnerable to a flaw that could allow a local administrator to elevate his privileges to the 'system' level, thus gaining the complete control over the remote system.
last seen 2019-02-21
modified 2018-11-15
plugin id 21211
published 2006-04-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=21211
title MS06-014: Vulnerability in MDAC Could Allow Code Execution (911562)
oval via4
  • accepted 2011-05-16T04:00:32.349-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Clifford Farrugia
      organization GFI Software
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1204
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title WinXP,SP2 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 13
  • accepted 2011-05-16T04:00:51.262-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Clifford Farrugia
      organization GFI Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1323
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title Server 2003 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 12
  • accepted 2011-05-16T04:01:10.821-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Clifford Farrugia
      organization GFI Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1511
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title WinXP,SP1 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 14
  • accepted 2011-05-16T04:01:42.674-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Clifford Farrugia
      organization GFI Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1742
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title Windows (S03,SP1/XP 64-bit) Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 14
  • accepted 2011-05-16T04:01:48.563-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Clifford Farrugia
      organization GFI Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description a Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
    family windows
    id oval:org.mitre.oval:def:1778
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title Microsoft Windows 2000 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    version 12
refmap via4
bid
  • 17462
  • 20797
bugtraq
  • 20070729 Exploit In Internet Explorer
  • 20070730 RE: Exploit In Internet Explorer
  • 20070730 Re: Exploit In Internet Explorer
  • 20070731 Re: Exploit In Internet Explorer
  • 20080128 Exploit in IE6,7
  • 20080128 Re: Exploit in IE6,7
cert TA06-101A
cert-vn VU#234812
confirm
exploit-db
  • 2052
  • 2164
misc http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
ms MS06-014
osvdb 24517
sectrack 1015894
secunia
  • 19583
  • 20719
vupen
  • ADV-2006-1319
  • ADV-2006-2452
xf
  • ie-wscriptshell-command-execution(29915)
  • mdac-rdsdataspace-execute-code(25006)
saint via4
bid 17462
description Windows MDAC RDS.Dataspace ActiveX control vulnerability
id win_patch_mdacrce
osvdb 24517
title mdac_rds_dataspace
type client
Last major update 07-03-2011 - 21:29
Published 11-04-2006 - 20:02
Last modified 19-10-2018 - 11:41
Back to Top