CVE-1999-1011

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.osvdb.org/272
http://www.ciac.org/ciac/bulletins/j-054.shtml
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004
https://www.securityfocus.com/bid/529

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:index_server:2.0:::::::*
	cpe:2.3:a:microsoft:internet_information_server:3.0:::::::*
	cpe:2.3:a:microsoft:data_access_components:2.0:::::::*
	cpe:2.3:a:microsoft:data_access_components:2.1:::::::*
	cpe:2.3:a:microsoft:data_access_components:1.5:::::::*
	cpe:2.3:a:microsoft:internet_information_server:4.0:::::::*
	cpe:2.3:a:microsoft:site_server:3.0:::::::*

Information

Published : 1999-07-18 21:00

Updated : 2018-10-15 11:29

NVD link : CVE-1999-1011

Mitre link : CVE-1999-1011

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

microsoft

index_server
data_access_components
site_server
internet_information_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.osvdb.org/272", "name": "272", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.ciac.org/ciac/bulletins/j-054.shtml", "name": "J-054", "tags": [], "refsource": "CIAC"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025", "name": "MS99-025", "tags": [], "refsource": "MS"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004", "name": "MS98-004", "tags": [], "refsource": "MS"}, {"url": "https://www.securityfocus.com/bid/529", "name": "529", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-1999-1011", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "1999-07-19T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:index_server:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:site_server:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-15T18:29Z"}