ID

VAR-199907-0014


CVE

CVE-1999-1011


TITLE

MDAC In Microsoft IIS Vulnerability in arbitrary command execution on the system

Trust: 0.8

sources: JVNDB: JVNDB-1999-000024

DESCRIPTION

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. Affected MDAC 1.5 and 2.0 Is Microsoft IIS alike Micorsoft Windows NT 4.0 Option Pack Included inMicrosoft IIS 3.x and 4.x On the server where is running MDAC If is installed, an arbitrary command may be executed. Both are included in a default installation of the Windows NT 4.0 Option Pack, but can be excluded via a custom installation. RDS includes a component called the DataFactory object, which has a vulnerability that could allow any web user to: --Obtain unauthorized access to unpublished files on the IIS server --Use MDAC to tunnel ODBC requests through to a remote internal or external location, thereby obtaining access to non-public servers or effectively masking the source of an attack on another network. The main risk in this vulnerability is the following: --If the Microsoft JET OLE DB Provider or Microsoft DataShape Provider are installed, a user could use the shell() VBA command on the server with System privileges. (See the Microsoft JET Database Engine VBA Vulnerability for more information). These two vulnerabilities combined can allow an attacker on the Internet to run arbitrary commands with System level privileges on the target host

Trust: 1.98

sources: NVD: CVE-1999-1011 // JVNDB: JVNDB-1999-000024 // BID: 529 // VULMON: CVE-1999-1011

AFFECTED PRODUCTS

vendor:microsoftmodel:index serverscope:eqversion:2.0

Trust: 1.9

vendor:microsoftmodel:data access componentsscope:eqversion:2.0

Trust: 1.9

vendor:microsoftmodel:data access componentsscope:eqversion:1.5

Trust: 1.9

vendor:microsoftmodel:site serverscope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:data access componentsscope:eqversion:2.1

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:3.0

Trust: 1.1

vendor:microsoftmodel:windows ntscope:eqversion:4.0 (server)

Trust: 0.8

vendor:microsoftmodel:windows ntscope:eqversion:4.0 (terminal_srv)

Trust: 0.8

vendor:microsoftmodel:site server commerce edition i386scope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:data access components upgradescope:eqversion:2.1

Trust: 0.3

vendor:microsoftmodel:data access components cleanscope:eqversion:2.1

Trust: 0.3

sources: BID: 529 // JVNDB: JVNDB-1999-000024 // CNNVD: CNNVD-199907-021 // NVD: CVE-1999-1011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1011
value: HIGH

Trust: 1.0

NVD: CVE-1999-1011
value: HIGH

Trust: 0.8

CNNVD: CNNVD-199907-021
value: CRITICAL

Trust: 0.6

VULMON: CVE-1999-1011
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-1999-1011
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-1999-1011 // JVNDB: JVNDB-1999-000024 // CNNVD: CNNVD-199907-021 // NVD: CVE-1999-1011

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-1999-000024 // NVD: CVE-1999-1011

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199907-021

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-199907-021

CONFIGURATIONS

sources: JVNDB: JVNDB-1999-000024

EXPLOIT AVAILABILITY

sources: VULMON: CVE-1999-1011

PATCH

title:MS99-025url:http://www.microsoft.com/technet/security/bulletin/MS99-025.asp

Trust: 0.8

title:MS98-004url:http://www.microsoft.com/technet/security/bulletin/ms98-004.mspx

Trust: 0.8

title: - url:https://www.theregister.co.uk/2021/05/21/boeing_747_ife_windows_nt4_shell_access/

Trust: 0.1

sources: VULMON: CVE-1999-1011 // JVNDB: JVNDB-1999-000024

EXTERNAL IDS

db:BIDid:529

Trust: 2.8

db:OSVDBid:272

Trust: 2.5

db:NVDid:CVE-1999-1011

Trust: 2.5

db:JVNDBid:JVNDB-1999-000024

Trust: 0.8

db:MSid:MS98-004

Trust: 0.6

db:MSid:MS99-025

Trust: 0.6

db:NSFOCUSid:3822

Trust: 0.6

db:CNNVDid:CNNVD-199907-021

Trust: 0.6

db:EXPLOIT-DBid:19424

Trust: 0.1

db:VULMONid:CVE-1999-1011

Trust: 0.1

sources: VULMON: CVE-1999-1011 // BID: 529 // JVNDB: JVNDB-1999-000024 // CNNVD: CNNVD-199907-021 // NVD: CVE-1999-1011

REFERENCES

url:http://www.osvdb.org/272

Trust: 3.5

url:http://www.ciac.org/ciac/bulletins/j-054.shtml

Trust: 3.5

url:https://www.securityfocus.com/bid/529

Trust: 2.9

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025

Trust: 2.1

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004

Trust: 2.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-1011

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-1011

Trust: 0.8

url:http://www.microsoft.com/technet/security/bulletin/ms99-025.asp

Trust: 0.6

url:http://www.microsoft.com/technet/security/bulletin/ms98-004.asp

Trust: 0.6

url:http://www.nsfocus.net/vulndb/3822

Trust: 0.6

url:http://www.securityfocus.com/level2/index.html?go=vulnerabilities&id=286

Trust: 0.3

url:http://www.microsoft.com/technet/security/bulletin/fq99-025.asp

Trust: 0.3

url:http://support.microsoft.com/support/kb/articles/q184/3/75.asp

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=157

Trust: 0.1

url:https://www.exploit-db.com/exploits/19424/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/exploit/windows/iis/msadc

Trust: 0.1

sources: VULMON: CVE-1999-1011 // BID: 529 // JVNDB: JVNDB-1999-000024 // CNNVD: CNNVD-199907-021 // NVD: CVE-1999-1011

CREDITS

Rain Forrest Puppy※ rfp@wiretrip.net

Trust: 0.6

sources: CNNVD: CNNVD-199907-021

SOURCES

db:VULMONid:CVE-1999-1011
db:BIDid:529
db:JVNDBid:JVNDB-1999-000024
db:CNNVDid:CNNVD-199907-021
db:NVDid:CVE-1999-1011

LAST UPDATE DATE

2024-11-22T23:12:12.797000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-1999-1011date:2018-10-15T00:00:00
db:BIDid:529date:1999-07-19T00:00:00
db:JVNDBid:JVNDB-1999-000024date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199907-021date:2006-02-20T00:00:00
db:NVDid:CVE-1999-1011date:2024-11-20T23:30:04.047

SOURCES RELEASE DATE

db:VULMONid:CVE-1999-1011date:1999-07-19T00:00:00
db:BIDid:529date:1999-07-19T00:00:00
db:JVNDBid:JVNDB-1999-000024date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199907-021date:1999-07-19T00:00:00
db:NVDid:CVE-1999-1011date:1999-07-19T04:00:00