| CNNVD-ID编号 | CNNVD-200604-146 | CVE编号 | CVE-2006-0003 |
| 发布时间 | 2006-04-11 | 更新时间 | 2009-09-05 |
| 漏洞类型 | 设计错误 | 漏洞来源 | Golan Yosef Stefano Meller Mirko Gatto |
| 危险等级 | 中危 | 威胁类型 | 远程 |
| 厂商 | microsoft | ||
Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。
Windows的RDS.Dataspace ActiveX实现上存在漏洞,远程攻击者可能利用此漏洞在获取主机的控制。
在某些情况下,MDAC所捆绑的RDS.Dataspace ActiveX控件无法确保能够进行安全的交互,导致远程代码执行漏洞,成功利用这个漏洞的攻击者可以完全控制受影响的系统。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft MDAC 2.7 SP1
Microsoft Security Update for Microsoft Data Access Components 2.7 Service Pack 1 (KB911562)
For Windows 2000 SP 4 and Windows XP SP 1.
http://www.microsoft.com/downloads/details.aspx?familyid=0AA7C8B7-8417 -42D8-8E73-5466C03B8C65&displaylang=en
Microsoft Security Update for Windows XP (KB911562)
For Windows XP SP 1 and SP 2.
http://www.microsoft.com/downloads/details.aspx?familyid=2F9E772C-8122 -4027-A117-E93227B2C79F&displaylang=en
Microsoft MDAC 2.8 SP1
Microsoft Security Update for Microsoft Data Access Components 2.8 Service Pack 1 (KB911562)
For Windows 2000 SP 4.
http://www.microsoft.com/downloads/details.aspx?familyid=7358DA31-959C -4E3E-8115-51DC6D441365&displaylang=en
Microsoft Security Update for Windows XP (KB911562)
For Windows XP SP 1 and SP 2.
http://www.microsoft.com/downloads/details.aspx?familyid=2F9E772C-8122 -4027-A117-E93227B2C79F&displaylang=en
Microsoft MDAC 2.8 SP2
Microsoft Security Update for Windows Server 2003 (KB911562)
For Windows Server 2003 and Windows Server 2003 SP 1.
http://www.microsoft.com/downloads/details.aspx?familyid=39B29ED4-9B95 -4593-BCB6-4BB03CA5F8F1&displaylang=en
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB911562)
For Windows Server 2003 and Windows Server 2003 Service Pack 1 for Itanium-based Systems.
http://www.microsoft.com/downloads/details.aspx?familyid=4D2FE426-E34E -4192-8A0F-35E440E948E2&displaylang=en
Microsoft Security Update for Windows Server x64 Edition (KB911562)
http://www.microsoft.com/downloads/details.aspx?familyid=E237C2C7-9819 -437B-AB70-298BA62AC285&displaylang=en
Microsoft Security Update for Windows XP x64 Edition (KB911562)
For Windows XP x64 Edition.
http://www.microsoft.com/downloads/details.aspx?familyid=9C8B645D-0F01 -4B79-B6B3-55279BEDB944&displaylang=en
Microsoft MDAC 2.8
Microsoft Security Update for Microsoft Data Access Components 2.8 (KB911562)
For Windows 2000 SP 4 and Windows XP SP 1.
http://www.microsoft.com/downloads/details.aspx?familyid=2494B25D-452F -4025-8B67-41A5C840F7E2&displaylang=en
Microsoft Security Update for Windows Server 2003 (KB911562)
For Windows Server 2003 and Windows Server 2003 SP 1.
http://www.microsoft.com/downloads/details.aspx?familyid=39B29ED4-9B95 -4593-BCB6-4BB03CA5F8F1&displaylang=en
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB911562)
For Windows Server 2003 and Windows Server 2003 Service Pack 1 for Itanium-based Systems.
http://www.microsoft.com/downloads/details.aspx?familyid=4D2FE426-E34E -4192-8A0F-35E440E948E2&displaylang=en
Microsoft MDAC 2.5 SP3
Microsoft Security Update for Microsoft Data Access Components 2.5 Service Pack 3 (KB911562) - English
For Windows 2000 SP 4.
http://www.microsoft.com/downloads/details.aspx?familyid=1B3E6CB9-1EF2 -4BA1-A2F2-F87B717372FB&displaylang=en
来源: US-CERT
名称: TA06-101A
来源: US-CERT
名称: VU#234812
来源: BID
名称: 17462
来源: BUGTRAQ
名称: 20080128 Re: Exploit in IE6,7
链接:http://www.securityfocus.com/archive/1/archive/1/487219/100/200/threaded
来源: BUGTRAQ
名称: 20080128 Exploit in IE6,7
链接:http://www.securityfocus.com/archive/1/archive/1/487216/100/200/threaded
来源: MS
名称: MS06-014
链接:http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx
来源: VUPEN
名称: ADV-2006-1319
来源: SECUNIA
名称: 19583
来源: XF
名称: ie-wscriptshell-command-execution(29915)
来源: XF
名称: mdac-rdsdataspace-execute-code(25006)
来源: MISC
链接:http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
来源: BID
名称: 20797
来源: BUGTRAQ
名称: 20070731 Re: Exploit In Internet Explorer
链接:http://www.securityfocus.com/archive/1/archive/1/475490/100/100/threaded
来源: BUGTRAQ
名称: 20070730 RE: Exploit In Internet Explorer
链接:http://www.securityfocus.com/archive/1/archive/1/475118/100/100/threaded
来源: BUGTRAQ
名称: 20070730 Re: Exploit In Internet Explorer
链接:http://www.securityfocus.com/archive/1/archive/1/475108/100/100/threaded
来源: BUGTRAQ
名称: 20070729 Exploit In Internet Explorer
链接:http://www.securityfocus.com/archive/1/archive/1/475104/100/100/threaded
来源: OSVDB
名称: 24517
来源: MILW0RM
名称: 2164
来源: MILW0RM
名称: 2052
来源: www.hitachi-support.com
链接:http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html
来源: www.hitachi-support.com
链接:http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html
来源: VUPEN
名称: ADV-2006-2452
来源: SECTRACK
名称: 1015894
来源: SECUNIA
名称: 20719
来源: US Government Resource: oval:org.mitre.oval:def:1778
名称: oval:org.mitre.oval:def:1778
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1778
来源: US Government Resource: oval:org.mitre.oval:def:1742
名称: oval:org.mitre.oval:def:1742
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1742
来源: US Government Resource: oval:org.mitre.oval:def:1511
名称: oval:org.mitre.oval:def:1511
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1511
来源: US Government Resource: oval:org.mitre.oval:def:1323
名称: oval:org.mitre.oval:def:1323
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1323
计算
安全
数据库
网络和加速
企业服务
