[Microsoft Alert] Microsoft Security Bulletin MS06-014

Vulnerability in the Microsoft Data Access Components (MDAC)

Function Could Allow Code Execution (911562)

Issued: April 11, 2006

Version: 1.0

Summary

Who should read this document: Customers who use Microsoft

Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: None.

Vulnerability Details:

A remote code execution vulnerability exists in the RDS.Dataspace

ActiveX control that is provided as part of the ActiveX Data Objects

(ADO) and that is distributed in MDAC. An attacker who successfully

exploited this vulnerability could take complete control of an affected

system.

Affected Software:

Microsoft Windows XP Service Pack 1 running Microsoft Data Access

Components 2.7 Service Pack 1

Microsoft Windows XP Service Pack 2 running Microsoft Data Access

Components 2.8 Service Pack 1

Microsoft Windows XP Professional x64 Edition running Microsoft Data

Access Components 2.8 Service Pack 2

Microsoft Windows Server 2003 running Microsoft Data Access

Components 2.8

Microsoft Windows Server 2003 Service Pack 1 running Microsoft Data

Access Components 2.8 Service Pack 2

Microsoft Windows Server 2003 for Itanium-based Systems running

Microsoft Data Access Components 2.8

Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

running Microsoft Data Access Components 2.8 Service Pack 2

Microsoft Windows Server 2003 x64 Edition running Microsoft Data

Access Components 2.8 Service Pack 2

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),

and Microsoft Windows Millennium Edition (ME)

References:http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)