Vulnerability Details : CVE-2006-0003
Public exploit exists!
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-0003
Probability of exploitation activity in the next 30 days: 96.68%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2006-0003
-
MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution
Disclosure Date: 2006-04-11First seen: 2020-04-26exploit/windows/browser/ie_createobjectThis module exploits a generic code execution vulnerability in Internet Explorer by abusing vulnerable ActiveX objects. Authors: - hdm <x@hdm.io>
CVSS scores for CVE-2006-0003
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2006-0003
-
http://www.securityfocus.com/archive/1/475104/100/100/threaded
-
http://www.us-cert.gov/cas/techalerts/TA06-101A.html
Third Party Advisory;US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1778
-
https://www.exploit-db.com/exploits/2052
-
http://www.securityfocus.com/archive/1/487219/100/200/threaded
- http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
-
http://www.securityfocus.com/archive/1/475490/100/100/threaded
-
http://www.kb.cert.org/vuls/id/234812
Third Party Advisory;US Government Resource
-
http://securitytracker.com/id?1015894
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-014
-
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html
-
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html
-
http://www.securityfocus.com/bid/17462
-
http://www.securityfocus.com/archive/1/487216/100/200/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/25006
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1204
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1511
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1323
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29915
-
http://www.vupen.com/english/advisories/2006/1319
-
http://www.securityfocus.com/archive/1/475118/100/100/threaded
-
http://www.vupen.com/english/advisories/2006/2452
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1742
-
https://www.exploit-db.com/exploits/2164
- http://www.securityfocus.com/bid/20797
-
http://www.securityfocus.com/archive/1/475108/100/100/threaded
Products affected by CVE-2006-0003
- cpe:2.3:a:microsoft:data_access_components:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*