var-199907-0014
Vulnerability from variot
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. The affected MDAC versions 1.5 and 2.0 are included in the Microsoft Windows NT 4.0 Option Pack, as is Microsoft IIS. On a server running Microsoft IIS 3.x or 4.x with MDAC installed, an arbitrary command may be executed. Both are included in a default installation of the Windows NT 4.0 Option Pack, but can be excluded via a custom installation.
RDS includes a component called the DataFactory object, which has a vulnerability that could allow any web user to:
- Obtain unauthorized access to unpublished files on the IIS server.
- Use MDAC to tunnel ODBC requests through to a remote internal or external location, thereby obtaining access to non-public servers or effectively masking the source of an attack on another network.
The main risk in this vulnerability is the following:
- If the Microsoft JET OLE DB Provider or Microsoft DataShape Provider is installed, a user could use the shell() VBA command on the server with System privileges. (See the Microsoft JET Database Engine VBA Vulnerability for more information.)
These two vulnerabilities combined can allow an attacker on the Internet to run arbitrary commands with System-level privileges on the target host. The patch entries in this record reference Microsoft security bulletins MS98-004 and MS99-025.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-199907-0014", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "index server", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "2.0" }, { "model": "data access components", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "2.0" }, { "model": "data access components", "scope": "eq", "trust": 
1.9, "vendor": "microsoft", "version": "1.5" }, { "model": "site server", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "3.0" }, { "model": "data access components", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "2.1" }, { "model": "internet information server", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.0" }, { "model": "internet information server", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "3.0" }, { "model": "iis", "scope": "eq", "trust": 1.1, "vendor": "microsoft", "version": "4.0" }, { "model": "iis", "scope": "eq", "trust": 1.1, "vendor": "microsoft", "version": "3.0" }, { "model": "windows nt", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "4.0 (server)" }, { "model": "windows nt", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "4.0 (terminal_srv)" }, { "model": "site server commerce edition i386", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "data access components upgrade", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.1" }, { "model": "data access components clean", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.1" } ], "sources": [ { "db": "BID", "id": "529" }, { "db": "JVNDB", "id": "JVNDB-1999-000024" }, { "db": "CNNVD", "id": "CNNVD-199907-021" }, { "db": "NVD", "id": "CVE-1999-1011" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:microsoft:iis", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_nt", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-1999-000024" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rain Forrest Puppy\u203b rfp@wiretrip.net", "sources": [ { "db": "CNNVD", "id": "CNNVD-199907-021" } ], "trust": 0.6 }, "cve": "CVE-1999-1011", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-1999-1011", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-1999-1011", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-1999-1011", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-199907-021", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-1999-1011", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-1999-1011" }, { "db": "JVNDB", "id": "JVNDB-1999-000024" }, { "db": "CNNVD", "id": "CNNVD-199907-021" }, { "db": "NVD", "id": "CVE-1999-1011" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. Affected MDAC 1.5 and 2.0 Is Microsoft IIS alike Micorsoft Windows NT 4.0 Option Pack Included inMicrosoft IIS 3.x and 4.x On the server where is running MDAC If is installed, an arbitrary command may be executed. Both are included in a default installation of the Windows NT 4.0 Option Pack, but can be excluded via a custom installation. \nRDS includes a component called the DataFactory object, which has a vulnerability that could allow any web user to:\n--Obtain unauthorized access to unpublished files on the IIS server\n--Use MDAC to tunnel ODBC requests through to a remote internal or external location, thereby obtaining access to non-public servers or effectively masking the source of an attack on another network. \nThe main risk in this vulnerability is the following:\n--If the Microsoft JET OLE DB Provider or Microsoft DataShape Provider are installed, a user could use the shell() VBA command on the server with System privileges. (See the Microsoft JET Database Engine VBA Vulnerability for more information). 
These two vulnerabilities combined can allow an attacker on the Internet to run arbitrary commands with System level privileges on the target host", "sources": [ { "db": "NVD", "id": "CVE-1999-1011" }, { "db": "JVNDB", "id": "JVNDB-1999-000024" }, { "db": "BID", "id": "529" }, { "db": "VULMON", "id": "CVE-1999-1011" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=19424", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-1999-1011" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "529", "trust": 2.8 }, { "db": "OSVDB", "id": "272", "trust": 2.5 }, { "db": "NVD", "id": "CVE-1999-1011", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-1999-000024", "trust": 0.8 }, { "db": "MS", "id": "MS98-004", "trust": 0.6 }, { "db": "MS", "id": "MS99-025", "trust": 0.6 }, { "db": "NSFOCUS", "id": "3822", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-199907-021", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "19424", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-1999-1011", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-1999-1011" }, { "db": "BID", "id": "529" }, { "db": "JVNDB", "id": "JVNDB-1999-000024" }, { "db": "CNNVD", "id": "CNNVD-199907-021" }, { "db": "NVD", "id": "CVE-1999-1011" } ] }, "id": "VAR-199907-0014", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": 
"VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-22T23:12:12.797000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "MS99-025", "trust": 0.8, "url": "http://www.microsoft.com/technet/security/bulletin/MS99-025.asp" }, { "title": "MS98-004", "trust": 0.8, "url": "http://www.microsoft.com/technet/security/bulletin/ms98-004.mspx" }, { "title": null, "trust": 0.1, "url": "https://www.theregister.co.uk/2021/05/21/boeing_747_ife_windows_nt4_shell_access/" } ], "sources": [ { "db": "VULMON", "id": "CVE-1999-1011" }, { "db": "JVNDB", "id": "JVNDB-1999-000024" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-1999-000024" }, { "db": "NVD", "id": "CVE-1999-1011" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "http://www.osvdb.org/272" }, { "trust": 3.5, "url": "http://www.ciac.org/ciac/bulletins/j-054.shtml" }, { "trust": 2.9, "url": "https://www.securityfocus.com/bid/529" }, { "trust": 2.1, "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025" }, { "trust": 2.1, "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-1011" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-1011" }, { "trust": 0.6, "url": 
"http://www.microsoft.com/technet/security/bulletin/ms99-025.asp" }, { "trust": 0.6, "url": "http://www.microsoft.com/technet/security/bulletin/ms98-004.asp" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/3822" }, { "trust": 0.3, "url": "http://www.securityfocus.com/level2/index.html?go=vulnerabilities\u0026id=286" }, { "trust": 0.3, "url": "http://www.microsoft.com/technet/security/bulletin/fq99-025.asp" }, { "trust": 0.3, "url": "http://support.microsoft.com/support/kb/articles/q184/3/75.asp" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=157" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/19424/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/modules/exploit/windows/iis/msadc" } ], "sources": [ { "db": "VULMON", "id": "CVE-1999-1011" }, { "db": "BID", "id": "529" }, { "db": "JVNDB", "id": "JVNDB-1999-000024" }, { "db": "CNNVD", "id": "CNNVD-199907-021" }, { "db": "NVD", "id": "CVE-1999-1011" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-1999-1011" }, { "db": "BID", "id": "529" }, { "db": "JVNDB", "id": "JVNDB-1999-000024" }, { "db": "CNNVD", "id": "CNNVD-199907-021" }, { "db": "NVD", "id": "CVE-1999-1011" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "1999-07-19T00:00:00", "db": "VULMON", "id": "CVE-1999-1011" }, { "date": "1999-07-19T00:00:00", "db": "BID", "id": "529" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-1999-000024" }, { "date": "1999-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-199907-021" }, { "date": "1999-07-19T04:00:00", "db": "NVD", "id": "CVE-1999-1011" } ] }, "sources_update_date": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-15T00:00:00", "db": "VULMON", "id": "CVE-1999-1011" }, { "date": "1999-07-19T00:00:00", "db": "BID", "id": "529" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-1999-000024" }, { "date": "2006-02-20T00:00:00", "db": "CNNVD", "id": "CNNVD-199907-021" }, { "date": "2024-11-20T23:30:04.047000", "db": "NVD", "id": "CVE-1999-1011" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-199907-021" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MDAC In Microsoft IIS Vulnerability in arbitrary command execution on the system", "sources": [ { "db": "JVNDB", "id": "JVNDB-1999-000024" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-199907-021" } ], "trust": 0.6 } }