Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1011

CWE-2646 documents4 sources

Severity

10.0CRITICAL

EPSS

79.3%

top 0.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Data Access Components Microsoft Index Server Microsoft Internet Information Server +1 more

Timeline

PublishedJul 19

Latest updateApr 30

Description

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/data_access_components1.5, 2.0, 2.1+2

▶NVDmicrosoft/site_server3.0

▶NVDmicrosoft/index_server2.0

▶NVDmicrosoft/internet_information_server3.0, 4.0+1

🔴Vulnerability Details

GHSA

GHSA-qcm7-2qvw-4c58: The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3↗2022-04-30

▶

CVEList

CVE-1999-1011: The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3↗2000-06-02

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)↗1999-07-19

▶

Exploit-DB

Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (1)↗1999-07-19

▶

Exploit-DB

UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (1)↗1997-02-13

▶