Info

Disclosure

Jul 19, 1999

Discovery

Unknown

Dates

Exploit

Jul 19, 1999

Solution

Unknown

Description

Microsoft Data Access Components (MDAC) contains a flaw that allows a remote attacker to access/query OLE database sources and potentially execute arbitrary commands. Due to a flaw in the way RDS DataFactory object requests are handled, a remote attacker can execute privileged commands without authentication.

Classification

Unknown or Incomplete

Solution

Upgrade to MDAC version 2.1 SP2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Delete the /msadc virtual directory in IIS

Products

Microsoft Corporation	IIS	3.0
		4.0
	Index Server	2.0
	MDAC	1.5
		2.0
		2.1

References

ISS X-Force ID: 1212
CVE ID: 1999-1011 (see also: NVD)
Bugtraq ID: 529
Generic Informational URL: http://support.microsoft.com/default.aspx?scid=kb;[LN];184375
http://www.cert.org/incident_notes/IN-99-08.html
Vendor Specific Solution URL: http://www.microsoft.com/data/download.htm
Other Advisory URL: http://www.nipc.gov/warnings/advisories/1999/99-027.htm
http://www.wiretrip.net/rfp/txt/rfp9902.txt
http://xforce.iss.net/xforce/alerts/id/advise32
CIAC Advisory: j-054
Microsoft Security Bulletin: MS98-004 MS99-025

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

IIS

Index Server

MDAC

References

Credit