Metasploit modules that can be used to exploit Microsoft » Index Server
-
MS01-033 Microsoft IIS 5.0 IDQ Path Overflow
Disclosure Date: 2001-06-18First seen: 2020-04-26exploit/windows/iis/ms01_033_idqThis module exploits a stack buffer overflow in the IDQ ISAPI handler for Microsoft Index Server. Authors: - MC <mc@metasploit.com> -
MS99-025 Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Disclosure Date: 1998-07-17First seen: 2020-04-26exploit/windows/iis/msadcThis module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique. Authors: - aushack <patrick@osisecurity.com.au>
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details