The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote malicious users to execute arbitrary commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft index server 2.0 |
||
microsoft internet information server 3.0 |
||
microsoft data access components 2.0 |
||
microsoft data access components 2.1 |
||
microsoft data access components 1.5 |
||
microsoft internet information server 4.0 |
||
microsoft site server 3.0 |
In-flight entertainment system ran Windows NT4 – and almost defied access attempts
Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It's an attack that's more of a curiosity than anything else: it's too difficult to pull off during an actual flight, and it's rare these days to see a 747 passenger service, anyway. "Pwning it was more of a challenge than we expected, mostly because the IFE was 25 years old and was missing many f...