Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0003 — Microsoft Data Access Components vulnerability

7 documents5 sources

Severity

5.1MEDIUMNVD

EPSS

91.6%

top 0.32%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Data Access Components

Timeline

PublishedApr 12

Latest updateMay 1

Description

Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/data_access_components2.5, 2.7, 2.8+2

🔴Vulnerability Details

GHSA

GHSA-74jf-rm92-m939: Unspecified vulnerability in the RDS↗2022-05-01

▶

CVEList

CVE-2006-0003: Unspecified vulnerability in the RDS↗2006-04-12

▶

VulnCheck

Microsoft Data Access Components (MDAC) RDS.Dataspace ActiveX Control Vulnerability↗2006

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)↗2010-09-20

▶

Exploit-DB

Microsoft Internet Explorer - 'MDAC' Remote Code Execution (MS06-014) (Metasploit) (2)↗2006-08-10

▶

Exploit-DB

Microsoft Internet Explorer - MDAC Remote Code Execution (MS06-014)↗2006-07-21

▶