Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-1999-1011

Published: 19/07/1999 Updated: 15/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Index Server

Vulnerability Summary

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote malicious users to execute arbitrary commands.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft index server 2.0

microsoft internet information server 3.0

microsoft data access components 2.0

microsoft data access components 2.1

microsoft data access components 1.5

microsoft internet information server 4.0

microsoft site server 3.0

Exploits

Exploit DB: Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (1)
source: wwwsecurityfocuscom/bid/529/info MDAC (Microsoft Data Access Components) is a package used to integrate web and database services It includes a component named RDS (Remote Data Services) RDS allows remote access via the internet to database objects through IIS Both are included in a default installation of the Windows NT 40 Op ...
Exploit DB: Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)
source: wwwsecurityfocuscom/bid/529/info MDAC (Microsoft Data Access Components) is a package used to integrate web and database services It includes a component named RDS (Remote Data Services) RDS allows remote access via the internet to database objects through IIS Both are included in a default installation of the Windows NT 40 O ...

Recent Articles

Here's how we got persistent shell access on a Boeing 747 – Pen Test Partners
The Register • Gareth Corfield • 21 May 2021

In-flight entertainment system ran Windows NT4 – and almost defied access attempts

Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It's an attack that's more of a curiosity than anything else: it's too difficult to pull off during an actual flight, and it's rare these days to see a 747 passenger service, anyway. "Pwning it was more of a challenge than we expected, mostly because the IFE was 25 years old and was missing many f...

Read more...

References

CWE-264http://www.osvdb.org/272http://www.ciac.org/ciac/bulletins/j-054.shtmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004https://www.securityfocus.com/bid/529https://nvd.nist.govhttps://www.theregister.co.uk/2021/05/21/boeing_747_ife_windows_nt4_shell_access/https://www.exploit-db.com/exploits/19424/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook