Windows MDAC RDS.Dataspace ActiveX control vulnerability

Added: 07/16/2007
CVE: CVE-2006-0003
BID: 17462
OSVDB: 24517

Background

Microsoft Data Access Components (MDAC) enable Universal Data Access in Windows applications deployed over a network.

Problem

A cross-zone scripting vulnerability in the RDS.Dataspace ActiveX control in MDAC allows command execution when a user loads a specially crafted web page.

Resolution

Apply the update referenced in Microsoft Security Bulletin 06-014.

References

http://www.kb.cert.org/vuls/id/234812

Limitations

On Windows 2000, MDAC must be installed.

Platforms

Windows

Back to exploit index