=====================================================================
CERT-Renater Information Note No. 2006/VULN164
_____________________________________________________________________
DATE                  : 12/04/2006
HARDWARE PLATFORM(S)  : /
OPERATING SYSTEM(S)   : Windows running MDAC 2.8 SP2 and prior.
======================================================================

===========================================================================
                      A U S C E R T   A L E R T

                     AL-2006.0024 -- AUSCERT ALERT
       [Win] Vulnerability in the Microsoft Data Access Components (MDAC)
               Function Could Allow Code Execution (911562)
                             12 April 2006
===========================================================================

AusCERT Alert Summary
---------------------

        Product:            Microsoft Data Access Components (MDAC) 2.8 SP2 and prior
        Publisher:          Microsoft
        Operating System:   Windows Server 2003 R2 and prior
                            Windows XP Service Pack 2 and prior
                            Windows 2000 SP4 and prior
                            Windows ME
                            Windows 98SE
                            Windows 98
        Impact:             Execute Arbitrary Code/Commands
        Access:             Remote/Unauthenticated
        CVE Names:          CVE-2006-0003

Original Bulletin:
        http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx

OVERVIEW:

        A vulnerability has been reported in Microsoft Data Access Components
        (MDAC) versions 2.8 SP2 and prior which allows execution of arbitrary
        code via the RDS.DataSpace ActiveX control [1].

IMPACT:

        Successful exploitation of this vulnerability may cause arbitrary code
        execution on the attacked system.

MITIGATION:

        Administrators should deploy this patch as soon as possible. Where
        immediate deployment of this patch is not possible, setting the
        'kill bit' [1] on this ActiveX control will prevent this ActiveX
        control from being loaded in Internet Explorer.

        The following information has been taken from the Microsoft Advisory
        for this issue:

        Warning: If you use Registry Editor incorrectly, you may cause serious
        problems that may require you to reinstall your operating system.
        Microsoft cannot guarantee that you can solve problems that result
        from using Registry Editor incorrectly. Use Registry Editor at your
        own risk.

        For example, to set the kill bit for a CLSID for this object, paste
        the following text in a text editor such as Notepad. Then, save the
        file by using the .reg file name extension.

        Windows Registry Editor Version 5.00

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD96C556-65A3-11D0-983A-00C04FC29E36}]
        "Compatibility Flags"=dword:00000400

        See [2] for more information on preventing specific ActiveX controls
        from being loaded in Internet Explorer.

REFERENCES:

        [1] Microsoft Security Bulletin MS06-014:
            http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx

        [2] How to stop an ActiveX control from running in Internet Explorer:
            http://support.microsoft.com/kb/240979

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.
If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:
        http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
======================================================================
=========================================================
CERT-Renater reference servers
        http://www.urec.fr/securite
        http://www.cru.fr/securite
        http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44     +
+ 151 bd de l'Hopital   | fax  : 01-53-94-20-41     +
+ 75013 Paris           | email: certsvp@renater.fr +
=========================================================
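The kill-bit workaround in the MITIGATION section above is given as a .reg fragment to be imported by hand. The PowerShell below is an added example, not part of the AusCERT alert or the Microsoft bulletin: it audits whether the kill bit is already present for the RDS.DataSpace CLSID and sets it only when missing, preserving any other Compatibility Flags already stored. The CLSID and the 0x400 flag value are taken from the advisory; the function names are ours. Writing to HKLM requires an elevated shell.

```powershell
# Added example (not from the advisory): audit/apply the MS06-014 kill bit.
# CLSID and flag value come from the advisory text; function names are ours.

$RdsDataSpaceClsid = '{BD96C556-65A3-11D0-983A-00C04FC29E36}'
$KillBitFlag       = 0x400   # Compatibility Flags bit that stops IE loading the control

function Get-ActiveXCompatPath {
    param([Parameter(Mandatory)][string]$Clsid)
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Test-KillBit {
    # Returns $true when the kill bit is already set for the given CLSID.
    param([Parameter(Mandatory)][string]$Clsid)
    $path = Get-ActiveXCompatPath -Clsid $Clsid
    if (-not (Test-Path -LiteralPath $path)) { return $false }
    $flags = (Get-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBitFlag) -ne 0)
}

function Set-KillBit {
    # Sets the kill bit with OR so other flags on the key are kept intact.
    param([Parameter(Mandatory)][string]$Clsid)
    $path = Get-ActiveXCompatPath -Clsid $Clsid
    if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
    $current = (Get-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    $newFlags = $current -bor $KillBitFlag
    Set-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' -Value $newFlags -Type DWord
    return $newFlags
}

# Usage: audit first, then apply only if the bit is missing.
if (Test-KillBit -Clsid $RdsDataSpaceClsid) {
    Write-Output "Kill bit already set for $RdsDataSpaceClsid"
} else {
    $flags = Set-KillBit -Clsid $RdsDataSpaceClsid
    Write-Output ("Kill bit set; Compatibility Flags now 0x{0:X8}" -f $flags)
}
```

Test-KillBit on its own is a useful compliance check across a fleet before and after rolling out the patch. On 64-bit Windows the 32-bit Internet Explorer reads the equivalent key under HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility, so the same functions should be run against that path as well when auditing such hosts.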