Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
Microsoft Windows MDAC
(2.5 SP3, 2.7 SP1, 2.8, 2.8 SP1, 2.8 SP2)
Microsoft Updates
(KB911562, KB927779, SP2)
Описание
Уязвимость удаленного запуска кода присутствует в элементе ActiveX RDS.Dataspace, входящем в состав набора данных ActiveX Data Objects (ADO), распространяемого вместе с компонентами MDAC. Воспользовавшись этой уязвимостью, злоумышленник может захватить полный контроль над системой.
Как исправить
Используйте рекомендации производителя:
http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
Ссылки
MS (MS06-014): http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx
CERT (TA06-101A): http://www.us-cert.gov/cas/techalerts/TA06-101A.html
CERT-VN (VU#234812): http://www.kb.cert.org/vuls/id/234812
BID (17462): http://www.securityfocus.com/bid/17462
FRSIRT (ADV-2006-1319): http://www.frsirt.com/english/advisories/2006/1319
SECTRACK (1015894): http://securitytracker.com/id?1015894
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html
FRSIRT (ADV-2006-2452): http://www.frsirt.com/english/advisories/2006/2452
OSVDB (24517): http://www.osvdb.org/24517
OVAL (oval:org.mitre.oval:def:1204): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1204
OVAL (oval:org.mitre.oval:def:1323): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1323
OVAL (oval:org.mitre.oval:def:1511): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1511
OVAL (oval:org.mitre.oval:def:1742): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1742
OVAL (oval:org.mitre.oval:def:1778): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1778
http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
BID (20797): http://www.securityfocus.com/bid/20797
XF (mdac-rdsdataspace-execute-code(25006)): http://xforce.iss.net/xforce/xfdb/25006
XF (ie-wscriptshell-command-execution(29915)): http://xforce.iss.net/xforce/xfdb/29915
CERT (TA06-101A): http://www.us-cert.gov/cas/techalerts/TA06-101A.html
CERT-VN (VU#234812): http://www.kb.cert.org/vuls/id/234812
BID (17462): http://www.securityfocus.com/bid/17462
FRSIRT (ADV-2006-1319): http://www.frsirt.com/english/advisories/2006/1319
SECTRACK (1015894): http://securitytracker.com/id?1015894
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html
FRSIRT (ADV-2006-2452): http://www.frsirt.com/english/advisories/2006/2452
OSVDB (24517): http://www.osvdb.org/24517
OVAL (oval:org.mitre.oval:def:1204): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1204
OVAL (oval:org.mitre.oval:def:1323): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1323
OVAL (oval:org.mitre.oval:def:1511): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1511
OVAL (oval:org.mitre.oval:def:1742): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1742
OVAL (oval:org.mitre.oval:def:1778): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1778
http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
BID (20797): http://www.securityfocus.com/bid/20797
XF (mdac-rdsdataspace-execute-code(25006)): http://xforce.iss.net/xforce/xfdb/25006
XF (ie-wscriptshell-command-execution(29915)): http://xforce.iss.net/xforce/xfdb/29915