CVE-1999-1011
Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 1999-07-19 CVE Published
- 1999-07-19 First Exploit
- 1999-12-21 CVE Reserved
- 2024-02-08 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.ciac.org/ciac/bulletins/j-054.shtml | Government Resource | |
http://www.osvdb.org/272 | Vdb Entry | |
https://www.securityfocus.com/bid/529 | Vdb Entry | |
- |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/19425 | 1999-07-19 | |
https://www.exploit-db.com/exploits/19424 | 1999-07-19 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 1.5 Search vendor "Microsoft" for product "Data Access Components" and version "1.5" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 2.0 Search vendor "Microsoft" for product "Data Access Components" and version "2.0" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Data Access Components Search vendor "Microsoft" for product "Data Access Components" | 2.1 Search vendor "Microsoft" for product "Data Access Components" and version "2.1" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Index Server Search vendor "Microsoft" for product "Index Server" | 2.0 Search vendor "Microsoft" for product "Index Server" and version "2.0" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Internet Information Server Search vendor "Microsoft" for product "Internet Information Server" | 3.0 Search vendor "Microsoft" for product "Internet Information Server" and version "3.0" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Internet Information Server Search vendor "Microsoft" for product "Internet Information Server" | 4.0 Search vendor "Microsoft" for product "Internet Information Server" and version "4.0" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Site Server Search vendor "Microsoft" for product "Site Server" | 3.0 Search vendor "Microsoft" for product "Site Server" and version "3.0" | - |
Affected
|