Signature Detail
Short Name |
HTTP:MS-MDAC-RCE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft MDAC Components Remote Code Execution |
Release Date |
2012/12/02 |
Update Number |
2207 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft MDAC Components Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft MDAC components. A successful attack can lead to arbitrary code execution.
Extended Description
The Microsoft MDAC RDS.Dataspace ActiveX control is vulnerable to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.
Affected Products
- Hitachi DA Broker for ODBC 01-00
- Hitachi DA Broker for ODBC 01-02
- Hitachi DBPARTNER2 Client 01-00
- Hitachi DBPARTNER2 Client 01-05
- Hitachi DBPARTNER2 Client 01-12
- Hitachi DBPARTNER ODBC 01-00
- Hitachi DBPARTNER ODBC 01-03
- Hitachi DBPARTNER ODBC 01-06
- Hitachi DBPARTNER ODBC 01-11
- Hitachi HITSENSER5 01-00
- Hitachi HITSENSER5 01-10
- Hitachi HITSENSER5 02-80
- Microsoft Data Access Components (MDAC) 2.5 SP3
- Microsoft Data Access Components (MDAC) 2.7
- Microsoft Data Access Components (MDAC) 2.7 SP1
- Microsoft Data Access Components (MDAC) 2.8
- Microsoft Data Access Components (MDAC) 2.8 SP1
- Microsoft Data Access Components (MDAC) 2.8 SP2
References
- BugTraq: 17462
- CVE: CVE-2006-0003
- URL: http://www.microsoft.com/technet/security/bulletin/MS06-014.mspx