Detections
Analytics

MS06-014: Vulnerability in MDAC Could Allow Code Execution (911562)

medium Nessus Plugin ID 21211

Language:

Synopsis

A local administrator could elevate his privileges on the remote host, through a flaw in the MDAC server.

Description

The remote Microsoft Data Access Component (MDAC) server is vulnerable to a flaw that could allow a local administrator to elevate his privileges to the 'system' level, thus gaining the complete control over the remote system.

Solution

Microsoft has released a set of patches for Windows 2000, XP and 2003.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-014

Plugin Details

Severity: Medium

ID: 21211

File Name: smb_nt_ms06-014.nasl

Version: 1.34

Type: local

Agent: windows

Published: 4/11/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.2

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/11/2006

Vulnerability Publication Date: 4/11/2006

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution)

Reference Information

CVE: CVE-2006-0003

BID: 17462

MSFT: MS06-014

MSKB: 911562