Vulnerability Details : CVE-2006-0003 (1 public exploit)

Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
Publish Date : 2006-04-11 Last Update Date : 2018-10-19

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	5.1
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	High (Specialized access conditions exist. It is hard to exploit and several special conditions must be satisfied to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	User
Vulnerability Type(s)	Execute Code
CWE ID	CWE id is not defined for this vulnerability

- Related OVAL Definitions

Title	Definition Id	Family
Microsoft Windows 2000 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability	oval:org.mitre.oval:def:1778	windows
MS06-014: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)	oval:gov.nist.fdcc.patch:def:341	windows
Server 2003 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability	oval:org.mitre.oval:def:1323	windows
Windows (S03,SP1/XP 64-bit) Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability	oval:org.mitre.oval:def:1742	windows
WinXP,SP1 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability	oval:org.mitre.oval:def:1511	windows
WinXP,SP2 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability	oval:org.mitre.oval:def:1204	windows

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2006-0003

#	Product Type	Vendor	Product	Version	Update
1	Application	Microsoft	Data Access Components	2.5	SP3	Version Details Vulnerabilities
2	Application	Microsoft	Data Access Components	2.7		Version Details Vulnerabilities
3	Application	Microsoft	Data Access Components	2.7	SP1	Version Details Vulnerabilities
4	Application	Microsoft	Data Access Components	2.8	SP1	Version Details Vulnerabilities
5	Application	Microsoft	Data Access Components	2.8	SP2	Version Details Vulnerabilities
6	Application	Microsoft	Data Access Components	2.8		Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Microsoft	Data Access Components	6

- References For CVE-2006-0003

https://www.exploit-db.com/exploits/2052
EXPLOIT-DB 2052

https://exchange.xforce.ibmcloud.com/vulnerabilities/25006
XF mdac-rdsdataspace-execute-code(25006)

https://exchange.xforce.ibmcloud.com/vulnerabilities/29915
XF ie-wscriptshell-command-execution(29915)

http://www.vupen.com/english/advisories/2006/2452
VUPEN ADV-2006-2452

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-014
MS MS06-014

http://www.vupen.com/english/advisories/2006/1319
VUPEN ADV-2006-1319

http://www.us-cert.gov/cas/techalerts/TA06-101A.html
CERT TA06-101A

http://www.securityfocus.com/bid/20797
BID 20797 Retired: Microsoft Internet Explorer Unspecified Code Execution Vulnerability Release Date:2006-11-02

Exploit! http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf

http://www.securityfocus.com/bid/17462
BID 17462 Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability Release Date:2008-05-20

http://www.securityfocus.com/archive/1/475490/100/100/threaded
BUGTRAQ 20070731 Re: Exploit In Internet Explorer

http://www.securityfocus.com/archive/1/487216/100/200/threaded
BUGTRAQ 20080128 Exploit in IE6,7

http://www.securityfocus.com/archive/1/487219/100/200/threaded
BUGTRAQ 20080128 Re: Exploit in IE6,7

http://securitytracker.com/id?1015894
SECTRACK 1015894

http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html CONFIRM

http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html CONFIRM

https://www.exploit-db.com/exploits/2164
EXPLOIT-DB 2164

http://www.securityfocus.com/archive/1/475104/100/100/threaded
BUGTRAQ 20070729 Exploit In Internet Explorer

http://www.securityfocus.com/archive/1/475108/100/100/threaded
BUGTRAQ 20070730 Re: Exploit In Internet Explorer

http://www.securityfocus.com/archive/1/475118/100/100/threaded
BUGTRAQ 20070730 RE: Exploit In Internet Explorer

http://www.kb.cert.org/vuls/id/234812
CERT-VN VU#234812

- Metasploit Modules Related To CVE-2006-0003

MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution
This module exploits a generic code execution vulnerability in Internet Explorer by abusing vulnerable ActiveX objects. Module type : exploit Rank : excellent Platforms : Windows