Vulnerability Details : CVE-2002-1142
Public exploit exists!
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
Vulnerability category: OverflowExecute code
Products affected by CVE-2002-1142
- cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-1142
87.46%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2002-1142
-
MS02-065 Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Disclosure Date: 2002-11-02First seen: 2020-04-26exploit/windows/iis/ms02_065_msadcThis module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote con
CVSS scores for CVE-2002-1142
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2002-1142
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/10669
-
http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
-
http://www.kb.cert.org/vuls/id/542081
US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573
-
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/10659
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730
-
http://www.cert.org/advisories/CA-2002-33.html
Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/6214
Microsoft Data Access Components RDS Buffer Overflow Vulnerability
Jump to