(MS06-014) Microsoft Data Access Components (MDAC) Function Could Allow Code Execution

Type: Misconfiguration
Impact of exploitation: Remote Code Execution
User Interaction: User interaction is needed
Attack Vector: Website with malicious content
Rating: High
CVE reference: CAN-2006-0003
Vendor Status: Responded and patched
Vulnerable systems:
Windows XP SP1
Windows XP SP2
Windows 2003 SP0 - SP1
Windows 2000 SP4
Microsoft Data Access Components 2.8
Microsoft Data Access Components 2.5
Microsoft Data Access Components 2.6
Microsoft Data Access Components 2.7

Summary
A vulnerability in Microsoft Data Access Components could allow for remote code execution through visitation of a malicious website or through a malicious email.

Description

Microsoft Data Access Components (MDAC) is a component of the Microsoft Windows operating system that enables data transfer to and from a data source and destination. A remote code execution vulnerability is present in some versions of MDAC. An attacker could exploit this issue by crafting a malicious e-mail or web page that when viewed by a user would result in execution of arbitrary code on the target system. This vulnerability is a result of an ActiveX control included with MDAC being improperly exposed to web site and e-mail content.

Affected software:
Microsoft Windows Server 2003 Service Pack 1 with MDAC 2.8 Service Pack 2
Microsoft Windows Server 2003 Service Pack 0 with MDAC 2.8 Service Pack 0
Microsoft Windows XP Service Pack 2 with MDAC 2.7 Service Pack 1
Microsoft Windows XP Service Pack 1 with MDAC 2.8 Service Pack 0
Microsoft Windows XP Service Pack 1 with MDAC 2.7 Service Pack 1
Microsoft Windows 2000 Service Pack 4 with MDAC 2.8 Service Pack 1
Microsoft Windows 2000 Service Pack 4 with MDAC 2.8 Service Pack 0
Microsoft Windows 2000 Service Pack 4 with MDAC 2.7 Service Pack 1
Microsoft Windows 2000 Service Pack 4 with MDAC 2.5 Service Pack 3

For more information see: http://www.microsoft.com/technet/security/bulletin/MS06-014.mspx

McAfee Product Mitigation & Recommendations

Recommendations

Install the patch from Microsoft (KB911562): http://www.microsoft.com/technet/security/bulletin/MS06-014.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature: (MS06-014) Microsoft Data Access Components (MDAC) Function Could Allow Code Execution
Signature identifier: 4371
Release date: 4/11/2006
First released in:

McAfee Intrushield

The following Intrushield signature covers exploitation of this vulnerability. We have found that Intrushield is not protecting against all known exploits of this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature: MS06-014 Microsoft Windows MDAC Vulnerability
Signature identifier: 0x4022B400
Release date: 4/11/2006
First released in: Sigset 3.1.11

McAfee Host IPS

This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature: MDAC Code Execution Vulnerability
Signature identifier: 3748
Release date: 4/11/2006
First released in: security content update 402

Additional Resources

Microsoft Security Bulletin: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx

Timeline

10/31/2006: Exploit code has been released.
7/21/2006: Exploit code has been released.
4/11/2006: Vendor has provided a patch.
