CVE-2006-0003

Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA06-101A.html	Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/234812	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/17462
http://secunia.com/advisories/19583	Vendor Advisory
http://securitytracker.com/id?1015894
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html
http://secunia.com/advisories/20719
http://www.osvdb.org/24517
http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
http://www.securityfocus.com/bid/20797
http://www.vupen.com/english/advisories/2006/1319
http://www.vupen.com/english/advisories/2006/2452
https://exchange.xforce.ibmcloud.com/vulnerabilities/29915
https://exchange.xforce.ibmcloud.com/vulnerabilities/25006
https://www.exploit-db.com/exploits/2164
https://www.exploit-db.com/exploits/2052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1778
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1742
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1511
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1204
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-014
http://www.securityfocus.com/archive/1/487219/100/200/threaded
http://www.securityfocus.com/archive/1/487216/100/200/threaded
http://www.securityfocus.com/archive/1/475490/100/100/threaded
http://www.securityfocus.com/archive/1/475118/100/100/threaded
http://www.securityfocus.com/archive/1/475108/100/100/threaded
http://www.securityfocus.com/archive/1/475104/100/100/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:data_access_components:2.5:sp3::::::
	cpe:2.3:a:microsoft:data_access_components:2.8:::::::*
	cpe:2.3:a:microsoft:data_access_components:2.8:sp1::::::
	cpe:2.3:a:microsoft:data_access_components:2.8:sp2::::::
	cpe:2.3:a:microsoft:data_access_components:2.7:::::::*
	cpe:2.3:a:microsoft:data_access_components:2.7:sp1::::::

Information

Published : 2006-04-11 17:02

Updated : 2018-10-19 08:41

NVD link : CVE-2006-0003

Mitre link : CVE-2006-0003

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

microsoft

data_access_components

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html", "name": "TA06-101A", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "http://www.kb.cert.org/vuls/id/234812", "name": "VU#234812", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/17462", "name": "17462", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/19583", "name": "19583", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1015894", "name": "1015894", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html", "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html", "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/20719", "name": "20719", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/24517", "name": "24517", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf", "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/20797", "name": "20797", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/1319", "name": "ADV-2006-1319", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/2452", "name": "ADV-2006-2452", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29915", "name": "ie-wscriptshell-command-execution(29915)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25006", "name": "mdac-rdsdataspace-execute-code(25006)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/2164", "name": "2164", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "https://www.exploit-db.com/exploits/2052", "name": "2052", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1778", "name": "oval:org.mitre.oval:def:1778", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1742", "name": "oval:org.mitre.oval:def:1742", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1511", "name": "oval:org.mitre.oval:def:1511", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1323", "name": "oval:org.mitre.oval:def:1323", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1204", "name": "oval:org.mitre.oval:def:1204", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-014", "name": "MS06-014", "tags": [], "refsource": "MS"}, {"url": "http://www.securityfocus.com/archive/1/487219/100/200/threaded", "name": "20080128 Re: Exploit in IE6,7", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/487216/100/200/threaded", "name": "20080128 Exploit in IE6,7", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/475490/100/100/threaded", "name": "20070731 Re: Exploit In Internet Explorer", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/475118/100/100/threaded", "name": "20070730 RE: Exploit In Internet Explorer", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/475108/100/100/threaded", "name": "20070730 Re: Exploit In Internet Explorer", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/475104/100/100/threaded", "name": "20070729 Exploit In Internet Explorer", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0003", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2006-04-12T00:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:41Z"}

5.1 /10