Microsoft Data Access Components Vulnerability Report

Added on - Sep 2019

Trusted by 2+ million users,
1000+ happy students everyday
Showing pages 1 to 2 of 5 pages
Table of Contents
Executive Summary...................................................................1
Technical description................................................................1
Attack Vector..................................................................................1
Mitigation.......................................................................................2
Remediation...................................................................................3
Exploitation Scenario.......................................................................3
Executive Summary
A vulnerability was discovered in the first quarter of 2006. The vulnerability was found in the
Microsoft Data Access Components or MDAC. This vulnerability was privately reported to
Microsoft and much of the details surrounding it did not see much publication surrounding it.
Microsoft designated this vulnerability as critical and immediately started working on the
solution. The vulnerability allows an attacker to execute code remotely and gain access to the
computer. This paper talks about the vulnerability and then proceeds to talk about the Attack
Vector. The exploitation scenario will be detailed and will then talk about mitigating the
vulnerability as well as possible remediation techniques.
Technical description
Attack Vector
This vulnerability existed in the Microsoft Data Access Components or MDAC that allowed
remote attackers to execute code remotely. The affected systems include Microsoft 98,
Millennium Edition, Microsoft XP, 2000 as well as Windows Server 2003. However,
Microsoft rated impact severity of Windows Server 2003 as ‘moderate’ instead of ‘critical’
compared to others. In poorly written application that supports MDAC, it would allow
attackers to execute code remotely and exploit this vulnerability fully. If a user is logged in
with Administrator rights in these operating systems, then an attacker who exploited this
vulnerability successfully would completely be able to take control of the system. He could
install programs, change or view data or even delete data and create other accounts among
with a host of other activities. Users whose accounts are configured with less rights may be
less affected than with users with more rights.
Desklib Logo
You are reading a preview
Upload your documents to download or

Become a Desklib member to get access