VAR-199907-0014
Vulnerability from variot - Updated: 2025-04-03 22:11The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. Affected MDAC 1.5 and 2.0 Is Microsoft IIS alike Micorsoft Windows NT 4.0 Option Pack Included inMicrosoft IIS 3.x and 4.x On the server where is running MDAC If is installed, an arbitrary command may be executed. Both are included in a default installation of the Windows NT 4.0 Option Pack, but can be excluded via a custom installation. RDS includes a component called the DataFactory object, which has a vulnerability that could allow any web user to: --Obtain unauthorized access to unpublished files on the IIS server --Use MDAC to tunnel ODBC requests through to a remote internal or external location, thereby obtaining access to non-public servers or effectively masking the source of an attack on another network. The main risk in this vulnerability is the following: --If the Microsoft JET OLE DB Provider or Microsoft DataShape Provider are installed, a user could use the shell() VBA command on the server with System privileges. (See the Microsoft JET Database Engine VBA Vulnerability for more information). These two vulnerabilities combined can allow an attacker on the Internet to run arbitrary commands with System level privileges on the target host
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199907-0014",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "index server",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "data access components",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "data access components",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "1.5"
},
{
"model": "site server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "data access components",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (server)"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (terminal_srv)"
},
{
"model": "site server commerce edition i386",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "data access components upgrade",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "data access components clean",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1"
}
],
"sources": [
{
"db": "BID",
"id": "529"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
},
{
"db": "CNNVD",
"id": "CNNVD-199907-021"
},
{
"db": "NVD",
"id": "CVE-1999-1011"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_nt",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rain Forrest Puppy\u203b rfp@wiretrip.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199907-021"
}
],
"trust": 0.6
},
"cve": "CVE-1999-1011",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-1999-1011",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-1999-1011",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-1999-1011",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-199907-021",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-1999-1011",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-1999-1011"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
},
{
"db": "CNNVD",
"id": "CNNVD-199907-021"
},
{
"db": "NVD",
"id": "CVE-1999-1011"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. Affected MDAC 1.5 and 2.0 Is Microsoft IIS alike Micorsoft Windows NT 4.0 Option Pack Included inMicrosoft IIS 3.x and 4.x On the server where is running MDAC If is installed, an arbitrary command may be executed. Both are included in a default installation of the Windows NT 4.0 Option Pack, but can be excluded via a custom installation. \nRDS includes a component called the DataFactory object, which has a vulnerability that could allow any web user to:\n--Obtain unauthorized access to unpublished files on the IIS server\n--Use MDAC to tunnel ODBC requests through to a remote internal or external location, thereby obtaining access to non-public servers or effectively masking the source of an attack on another network. \nThe main risk in this vulnerability is the following:\n--If the Microsoft JET OLE DB Provider or Microsoft DataShape Provider are installed, a user could use the shell() VBA command on the server with System privileges. (See the Microsoft JET Database Engine VBA Vulnerability for more information). These two vulnerabilities combined can allow an attacker on the Internet to run arbitrary commands with System level privileges on the target host",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1011"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
},
{
"db": "BID",
"id": "529"
},
{
"db": "VULMON",
"id": "CVE-1999-1011"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=19424",
"trust": 0.2,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-1999-1011"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "529",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "272",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-1999-1011",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000024",
"trust": 0.8
},
{
"db": "MS",
"id": "MS98-004",
"trust": 0.6
},
{
"db": "MS",
"id": "MS99-025",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3822",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-199907-021",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "19424",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-1999-1011",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-1999-1011"
},
{
"db": "BID",
"id": "529"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
},
{
"db": "CNNVD",
"id": "CNNVD-199907-021"
},
{
"db": "NVD",
"id": "CVE-1999-1011"
}
]
},
"id": "VAR-199907-0014",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-03T22:11:33.686000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS99-025",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS99-025.asp"
},
{
"title": "MS98-004",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms98-004.mspx"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/05/21/boeing_747_ife_windows_nt4_shell_access/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-1999-1011"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
},
{
"db": "NVD",
"id": "CVE-1999-1011"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.osvdb.org/272"
},
{
"trust": 2.5,
"url": "http://www.ciac.org/ciac/bulletins/j-054.shtml"
},
{
"trust": 1.9,
"url": "https://www.securityfocus.com/bid/529"
},
{
"trust": 1.1,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025"
},
{
"trust": 1.1,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-1011"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-1011"
},
{
"trust": 0.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms99-025.asp"
},
{
"trust": 0.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms98-004.asp"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3822"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/level2/index.html?go=vulnerabilities\u0026id=286"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/fq99-025.asp"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q184/3/75.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=157"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/19424/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/windows/iis/msadc"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-1999-1011"
},
{
"db": "BID",
"id": "529"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
},
{
"db": "CNNVD",
"id": "CNNVD-199907-021"
},
{
"db": "NVD",
"id": "CVE-1999-1011"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-1999-1011"
},
{
"db": "BID",
"id": "529"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
},
{
"db": "CNNVD",
"id": "CNNVD-199907-021"
},
{
"db": "NVD",
"id": "CVE-1999-1011"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1999-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-1999-1011"
},
{
"date": "1999-07-19T00:00:00",
"db": "BID",
"id": "529"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1999-000024"
},
{
"date": "1999-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199907-021"
},
{
"date": "1999-07-19T04:00:00",
"db": "NVD",
"id": "CVE-1999-1011"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-1999-1011"
},
{
"date": "1999-07-19T00:00:00",
"db": "BID",
"id": "529"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1999-000024"
},
{
"date": "2006-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199907-021"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-1999-1011"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199907-021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MDAC In Microsoft IIS Vulnerability in arbitrary command execution on the system",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000024"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199907-021"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…