The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Data_access_components | Microsoft | 1.5 (including) | 1.5 (including) |
| Data_access_components | Microsoft | 2.0 (including) | 2.0 (including) |
| Data_access_components | Microsoft | 2.1 (including) | 2.1 (including) |
| Index_server | Microsoft | 2.0 (including) | 2.0 (including) |
| Internet_information_server | Microsoft | 3.0 (including) | 3.0 (including) |
| Internet_information_server | Microsoft | 4.0 (including) | 4.0 (including) |
| Site_server | Microsoft | 3.0 (including) | 3.0 (including) |
References
- http://www.ciac.org/ciac/bulletins/j-054.shtml
- http://www.osvdb.org/272
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025
- https://www.securityfocus.com/bid/529
- http://www.ciac.org/ciac/bulletins/j-054.shtml
- http://www.osvdb.org/272
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025
- https://www.securityfocus.com/bid/529