TITLE:
Microsoft Data Access Components RDS.Dataspace ActiveX
Vulnerability
SECUNIA ADVISORY ID:
SA19583
VERIFY ADVISORY:
http://secunia.c
om/advisories/19583/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/pro
duct/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/p
roduct/1177/
Microsoft Windows 2000 Professional
http://secunia.com/prod
uct/1/
Microsoft Windows 2000 Server
http://secunia.com/pro
duct/20/
Microsoft Windows XP Home Edition
http://secunia.com/pro
duct/16/
Microsoft Windows XP Professional
http://secunia.com/pro
duct/22/
SOFTWARE:
Microsoft Data Access Components (MDAC) 2.x
http://secunia.com/p
roduct/1807/
DESCRIPTION:
A vulnerability has been reported in Microsoft Data Access
Components
(MDAC), which can be exploited by malicious people to
compromise a
vulnerable system.
The vulnerability is caused due to an unspecified error in
the
behaviour of the RDS.Dataspace ActiveX control as it fails
to
ensure
that it interacts safely with a web site.
SOLUTION:
Apply patches.
Microsoft Windows XP Service Pack 1 running Microsoft Data
Access
Components 2.7 Service Pack 1:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=2F9E772C-8122-4027-A11
7-E93227B2C79F
Microsoft Windows XP Service Pack 2 running Microsoft Data
Access
Components 2.8 Service Pack 1:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=2F9E772C-8122-4027-A11
7-E93227B2C79F
Microsoft Windows XP Professional x64 Edition running
Microsoft
Data
Access Components 2.8 Service Pack 2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=9C8B645D-0F01-4B79-B6B
3-55279BEDB944
Microsoft Windows Server 2003 running Microsoft Data Access
Components 2.8:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=39B29ED4-9B95-4593-BCB
6-4BB03CA5F8F1
Microsoft Windows Server 2003 Service Pack 1 running
Microsoft
Data
Access Components 2.8 Service Pack 2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=39B29ED4-9B95-4593-BCB
6-4BB03CA5F8F1
Microsoft Windows Server 2003 for Itanium-based Systems
running
Microsoft Data Access Components 2.8:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=4D2FE426-E34E-4192-8A0
F-35E440E948E2
Microsoft Windows Server 2003 with SP1 Itanium running
Microsoft Data
Access Components 2.8 Service Pack 2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=4D2FE426-E34E-4192-8A0
F-35E440E948E2
Microsoft Windows Server 2003 x64 Edition running Microsoft
Data
Access Components 2.8 Service Pack 2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=E237C2C7-9819-437B-AB7
0-298BA62AC285
Windows 2000 Service Pack 4 with Microsoft Data Access
Components 2.5
Service Pack 3 installed:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=1B3E6CB9-1EF2-4BA1-A2F
2-F87B717372FB
Windows 2000 Service Pack 4 with Microsoft Data Access
Components 2.7
Service Pack 1 installed:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=0AA7C8B7-8417-42D8-8E7
3-5466C03B8C65
Windows 2000 Service Pack 4 with Microsoft Data Access
Components 2.8
installed:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=2494B25D-452F-4025-8B6
7-41A5C840F7E2
Windows 2000 Service Pack 4 with Microsoft Data Access
Components 2.8
Service Pack 1 installed:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=7358DA31-959C-4E3E-811
5-51DC6D441365
Windows XP Service Pack 1 with Microsoft Data Access
Components
2.8
installed:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=2494B25D-452F-4025-8B6
7-41A5C840F7E2
ORIGINAL ADVISORY:
MS06-014 (KB911562):
http://www.microsoft.com/technet/security/Bullet
in/MS06-014.mspx
OTHER REFERENCES:
US-CERT VU#234812:
http://www.kb.c
ert.org/vuls/id/234812
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|