Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA19583] Microsoft Data Access Components RDS.Dataspace ActiveX Vulnerability



> 
> 
> TITLE:
> Microsoft Data Access Components RDS.Dataspace ActiveX Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA19583
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/19583/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> 
> SOFTWARE:
> Microsoft Data Access Components (MDAC) 2.x
> http://secunia.com/product/1807/
> 
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Data Access Components
> (MDAC), which can be exploited by malicious people to compromise a
> vulnerable system.
> 
> The vulnerability is caused due to an unspecified error in the
> behaviour of the RDS.Dataspace ActiveX control as it fails to ensure
> that it interacts safely with a web site.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Windows XP Service Pack 1 running Microsoft Data Access
> Components 2.7 Service Pack 1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=2F9E7
> 72C-8122-4027-A117-E93227B2C79F
> 
> Microsoft Windows XP Service Pack 2 running Microsoft Data Access
> Components 2.8 Service Pack 1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=2F9E7
> 72C-8122-4027-A117-E93227B2C79F
> 
> Microsoft Windows XP Professional x64 Edition running Microsoft Data
> Access Components 2.8 Service Pack 2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=9C8B6
> 45D-0F01-4B79-B6B3-55279BEDB944
> 
> Microsoft Windows Server 2003 running Microsoft Data Access
> Components 2.8:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=39B29
> ED4-9B95-4593-BCB6-4BB03CA5F8F1
> 
> Microsoft Windows Server 2003 Service Pack 1 running Microsoft Data
> Access Components 2.8 Service Pack 2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=39B29
> ED4-9B95-4593-BCB6-4BB03CA5F8F1
> 
> Microsoft Windows Server 2003 for Itanium-based Systems running
> Microsoft Data Access Components 2.8:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=4D2FE
> 426-E34E-4192-8A0F-35E440E948E2
> 
> Microsoft Windows Server 2003 with SP1 Itanium running Microsoft Data
> Access Components 2.8 Service Pack 2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=4D2FE
> 426-E34E-4192-8A0F-35E440E948E2
> 
> Microsoft Windows Server 2003 x64 Edition running Microsoft Data
> Access Components 2.8 Service Pack 2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=E237C
> 2C7-9819-437B-AB70-298BA62AC285
> 
> Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.5
> Service Pack 3 installed:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1B3E6
> CB9-1EF2-4BA1-A2F2-F87B717372FB
> 
> Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.7
> Service Pack 1 installed:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=0AA7C
> 8B7-8417-42D8-8E73-5466C03B8C65
> 
> Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8
> installed:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=2494B
> 25D-452F-4025-8B67-41A5C840F7E2
> 
> Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8
> Service Pack 1 installed:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=7358D
> A31-959C-4E3E-8115-51DC6D441365
> 
> Windows XP Service Pack 1 with Microsoft Data Access Components 2.8
> installed:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=2494B
> 25D-452F-4025-8B67-41A5C840F7E2
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> * Golan Yosef, Finjan.
> * Stefano Meller and Mirko Gatto, Yarix.
> 
> ORIGINAL ADVISORY:
> MS06-014 (KB911562):
> http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
> 
> OTHER REFERENCES:
> US-CERT VU#234812:
> http://www.kb.cert.org/vuls/id/234812
> 
> 



 




Copyright © Lexa Software, 1996-2009.