OSVDB ID: 24517

Title: Microsoft Data Access Components RDS.Dataspace ActiveX Remote Code Execution

Info

Disclosure

Apr 11, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Microsoft RDS.Dataspace ActiveX control, which is distributed with Microsoft Data Access Components, contains a flaw that may allow an attacker to execute code in the context of the user visiting a malicious web page. No further details have been provided.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): disable execution of activeX controls in Internet Explorer

Products

Microsoft Corporation	MDAC	2.8
		2.7
		2.7 SP1
		2.5 SP3
		2.8 SP2
		2.8 SP1

References

Security Tracker: 1015894
Bugtraq ID: 17462
Secunia Advisory ID: 19583 20719
CVE ID: 2006-0003 (see also: NVD)
Milw0rm: 2052
Exploit Database: 2052
Metasploit ID: 24517
Microsoft Knowledge Base Article: 911562
Generic Exploit URL: http://metasploit.com/projects/Framework/exploits.html#ie_createobject
http://www.metasploit.com
http://www.securityfocus.com/data/vulnerabilities/exploits/bl4ck_ms06_014.py
Vendor Specific Advisory URL: http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html
Keyword: MDAC
Microsoft Security Bulletin: MS06-014

Credit

Golan Yosef - Finjan
Stefano Meller - Yarix
Mirko Gatto - Yarix

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

MDAC

References

Credit