CVE-2006-0003
published 2006-04-12CVE-2006-0003: Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access…
PriorityP271medium5.1CVSS 2.0
AVNACHAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
82.50%
99.6th percentile
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | data_access_components | — | — |
| microsoft | data_access_components | — | — |
| microsoft | data_access_components | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect instantiation of the vulnerable RDS.DataSpace / RDS.DataControl ActiveX CLSID {BD96C556-65A3-11D0-983A-00C04FC29E36} via HTML object tag or script in Internet Explorer ↗
- →Monitor for ADODB.Stream objects being created via a vulnerable ActiveX broker (df.CreateObject) followed by SaveToFile calls writing executables to the TEMP directory ↗
- →Alert on exploit kit traffic delivering MS06-014 payloads; iPack crimeware kit is known to bundle this CVE alongside PDF exploits targeting Windows platforms ↗
- →Detect use of WScript.Shell and Shell.Application objects spawned through the RDS.DataSpace ActiveX broker, which is the execution chain used by exploit code for this CVE ↗
- →Flag HTTP responses serving application/octet-stream payloads to IE6 clients (ua_maxver 6.1) immediately after delivery of HTML pages referencing the vulnerable CLSIDs ↗
- ·A second variant CLSID {BD96C556-65A3-11D0-983A-00C04FC29E30} (last octet 30 vs 36) was found in the wild in the mpack exploit kit and should be included in detection rules alongside the primary CLSID ↗
- ·Affected MDAC versions are 2.7 and 2.8; the vulnerability resides specifically in the RDS.Dataspace ActiveX control contained within ADO/MDAC ↗
CVSS provenance
nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
vulncheck5.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-74jf-rm92-m939: Unspecified vulnerability in the RDS
ghsa_unreviewed·2022-05-01
CVE-2006-0003 [MEDIUM] GHSA-74jf-rm92-m939: Unspecified vulnerability in the RDS
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
VulnCheck
Microsoft Data Access Components (MDAC) RDS.Dataspace ActiveX Control Vulnerability
vulncheck·2006·CVSS 5.1
CVE-2006-0003 [MEDIUM] Microsoft Data Access Components (MDAC) RDS.Dataspace ActiveX Control Vulnerability
Microsoft Data Access Components (MDAC) RDS.Dataspace ActiveX Control Vulnerability
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
Affected: Microsoft data_access_components
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/; https://web.archive.org/web/20110827052151/http://community.websense.com/blogs/securitylabs/archive/2011/04/21/presley-walker
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)
exploitdb·2010-09-20
CVE-2006-4704 Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)
Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)
---
##
# $Id: ie_createobject.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 HttpClients::IE,
# In badly misconfigured situations, IE7 and 8 could be vulnerable to
# this, but by default they throw an ugly popup that stops all script
# execution until the user deals with it and aborts everything if they
# click "no". Not worth the risk of being unable to try more recent
# exploits. Make sure service packs on t
Exploit-DB
Microsoft Internet Explorer - 'MDAC' Remote Code Execution (MS06-014) (Metasploit) (2)
exploitdb·2006-08-10
CVE-2006-0003 Microsoft Internet Explorer - 'MDAC' Remote Code Execution (MS06-014) (Metasploit) (2)
Microsoft Internet Explorer - 'MDAC' Remote Code Execution (MS06-014) (Metasploit) (2)
---
##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##
package Msf::Exploit::ie_createobject;
use strict;
use base "Msf::Exploit";
use Pex::Text;
use IO::Socket::INET;
use IPC::Open3;
my $advanced =
{
'Gzip' => [1, 'Enable gzip content encoding'],
'Chunked' => [1, 'Enable chunked transfer encoding'],
};
my $info =
{
'Name' => 'Internet Explorer COM CreateObject Code Execution',
'Version' => '
Exploit-DB
Microsoft Internet Explorer - MDAC Remote Code Execution (MS06-014)
exploitdb·2006-07-21
CVE-2006-0003 Microsoft Internet Explorer - MDAC Remote Code Execution (MS06-014)
Microsoft Internet Explorer - MDAC Remote Code Execution (MS06-014)
---
#!/bin/sh -
"exec" "python" "-O" "$0" "$@"
__doc__ = """[BL4CK] - MS06-014
RDS.DataStore - Data Execution
CVS-2006-0003
MS06-014
April 2006
*** this is a bit out-dated, but works very well ***
Usage: ./bl4ck_ms06_014.py http://omfg.what.ho.st/~user/stage2.exe index.html
Now upload index.html to the same webserver hosting your
http://omfg.what.ho.st/~user/stage2.exe
- [email protected]
"""
__version__ = "1.0"
import sys, random
class MS06014:
__version = "'[BL4CK] MS06-014 " + __version__ + "\r\n"
__html = """
on error resume next
BL4CK_PAYLOAD
[BL4CK] || 404 Not Found
Not Found
pwn3d!!
location.href='http://google.com' -->
"""
__payload = """
' due to how ajax works, the file M
Metasploit
MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution
metasploit
MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution
MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution
This module exploits a generic code execution vulnerability in Internet Explorer by abusing vulnerable ActiveX objects.
Krebs
iPack Exploit Kit Bites Windows Users
blogs_krebs·2010-04-16·CVSS 5.1
[MEDIUM] iPack Exploit Kit Bites Windows Users
Not long ago, there were only a handful of serious so-called “exploit packs,” crimeware packages that make it easy for hackers to booby-trap Web sites with code that installs malicious software.
These days, however, it seems like we’re hearing about a new custom exploit kit every week. Part of the reason for this may be that more enterprising hackers are seeing the moneymaking potential of these offerings, which range from a few hundred dollars per kit to upwards of $10,000 per installation — depending on the features and plugins requested.
Take, for example, the iPack crimeware kit, an exploit pack that starts at around $500.
Its name and cute logo aside, iPack has nothing to do with Apple’s products. According to Jorge Mieres over at the Malware Intelligence blog, the software vulnera
Krebs
iPack Exploit Kit Bites Windows Users – Krebs on Security
blogs_krebs·2010-04-01·CVSS 5.1
[MEDIUM] iPack Exploit Kit Bites Windows Users – Krebs on Security
Not long ago, there were only a handful of serious so-called “exploit packs,” crimeware packages that make it easy for hackers to booby-trap Web sites with code that installs mal icious soft ware .
These days, however, it seems like we’re hearing about a new custom exploit kit every week. Part of the reason for this may be that more enterprising hackers are seeing the moneymaking potential of these offerings, which range from a few hundred dollars per kit to upwards of $10,000 per installation — depending on the features and plugins requested.
Take, for example, the iPack crimeware kit, an exploit pack that starts at around $500.
Its name and cute logo aside, iPack has nothing to do with Apple’ s products. According to Jorge Mieres over at the Malware Intelligence blog , the software vu
http://secunia.com/advisories/19583http://secunia.com/advisories/20719http://securitytracker.com/id?1015894http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.htmlhttp://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.htmlhttp://www.kb.cert.org/vuls/id/234812http://www.osvdb.org/24517http://www.securityfocus.com/archive/1/475104/100/100/threadedhttp://www.securityfocus.com/archive/1/475108/100/100/threadedhttp://www.securityfocus.com/archive/1/475118/100/100/threadedhttp://www.securityfocus.com/archive/1/475490/100/100/threadedhttp://www.securityfocus.com/archive/1/487216/100/200/threadedhttp://www.securityfocus.com/archive/1/487219/100/200/threadedhttp://www.securityfocus.com/bid/17462http://www.securityfocus.com/bid/20797http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdfhttp://www.us-cert.gov/cas/techalerts/TA06-101A.htmlhttp://www.vupen.com/english/advisories/2006/1319http://www.vupen.com/english/advisories/2006/2452https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-014https://exchange.xforce.ibmcloud.com/vulnerabilities/25006https://exchange.xforce.ibmcloud.com/vulnerabilities/29915https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1204https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1323https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1511https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1742https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1778https://www.exploit-db.com/exploits/2052https://www.exploit-db.com/exploits/2164http://secunia.com/advisories/19583http://secunia.com/advisories/20719http://securitytracker.com/id?1015894http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.htmlhttp://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.htmlhttp://www.kb.cert.org/vuls/id/234812http://www.osvdb.org/24517http://www.securityfocus.com/archive/1/475104/100/100/threadedhttp://www.securityfocus.com/archive/1/475108/100/100/threadedhttp://www.securityfocus.com/archive/1/475118/100/100/threadedhttp://www.securityfocus.com/archive/1/475490/100/100/threadedhttp://www.securityfocus.com/archive/1/487216/100/200/threadedhttp://www.securityfocus.com/archive/1/487219/100/200/threadedhttp://www.securityfocus.com/bid/17462http://www.securityfocus.com/bid/20797http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdfhttp://www.us-cert.gov/cas/techalerts/TA06-101A.htmlhttp://www.vupen.com/english/advisories/2006/1319http://www.vupen.com/english/advisories/2006/2452https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-014https://exchange.xforce.ibmcloud.com/vulnerabilities/25006https://exchange.xforce.ibmcloud.com/vulnerabilities/29915https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1204https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1323https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1511https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1742https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1778https://www.exploit-db.com/exploits/2052https://www.exploit-db.com/exploits/2164
2006-04-12
Published
Exploited in the wild