Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability

Bugtraq ID:	17462
Class:	Design Error
CVE:	CVE-2006-0003
Remote:	Yes
Local:	No
Published:	Apr 11 2006 12:00AM
Updated:	May 20 2008 04:04PM
Credit:	Golan Yosef and Stefano Meller are credited with the discovery of this vulnerability.
Vulnerable:	Microsoft MDAC 2.8 SP2 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Advanced Server SP2 + Microsoft Windows 2000 Advanced Server SP2 + Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Datacenter Server SP2 + Microsoft Windows 2000 Datacenter Server SP2 + Microsoft Windows 2000 Datacenter Server SP1 + Microsoft Windows 2000 Datacenter Server SP1 + Microsoft Windows 2000 Datacenter Server + Microsoft Windows 2000 Datacenter Server + Microsoft Windows 2000 Professional SP4 + Microsoft Windows 2000 Professional SP4 + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Professional SP2 + Microsoft Windows 2000 Professional SP2 + Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Server SP4 + Microsoft Windows 2000 Server SP4 + Microsoft Windows 2000 Server SP3 + Microsoft Windows 2000 Server SP3 + Microsoft Windows 2000 Server SP2 + Microsoft Windows 2000 Server SP2 + Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server + Microsoft Windows 2000 Server + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition Microsoft MDAC 2.8 SP1 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Advanced Server SP2 + Microsoft Windows 2000 Advanced Server SP2 + Microsoft Windows 2000 Advanced Server SP2 + Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Datacenter Server SP2 + Microsoft Windows 2000 Datacenter Server SP2 + Microsoft Windows 2000 Datacenter Server SP2 + Microsoft Windows 2000 Datacenter Server SP1 + Microsoft Windows 2000 Datacenter Server SP1 + Microsoft Windows 2000 Datacenter Server SP1 + Microsoft Windows 2000 Datacenter Server + Microsoft Windows 2000 Datacenter Server + Microsoft Windows 2000 Datacenter Server + Microsoft Windows 2000 Professional SP4 + Microsoft Windows 2000 Professional SP4 + Microsoft Windows 2000 Professional SP4 + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Professional SP2 + Microsoft Windows 2000 Professional SP2 + Microsoft Windows 2000 Professional SP2 + Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Server SP4 + Microsoft Windows 2000 Server SP4 + Microsoft Windows 2000 Server SP3 + Microsoft Windows 2000 Server SP3 + Microsoft Windows 2000 Server SP3 + Microsoft Windows 2000 Server SP2 + Microsoft Windows 2000 Server SP2 + Microsoft Windows 2000 Server SP2 + Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server + Microsoft Windows 2000 Server + Microsoft Windows 2000 Server + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP 64-bit Edition + Microsoft Windows XP 64-bit Edition + Microsoft Windows XP Home SP2 + Microsoft Windows XP Home SP2 + Microsoft Windows XP Home SP1 + Microsoft Windows XP Home SP1 + Microsoft Windows XP Media Center Edition SP2 + Microsoft Windows XP Media Center Edition SP2 + Microsoft Windows XP Media Center Edition SP1 + Microsoft Windows XP Media Center Edition SP1 + Microsoft Windows XP Professional SP2 + Microsoft Windows XP Professional SP2 + Microsoft Windows XP Professional SP1 + Microsoft Windows XP Professional SP1 + Microsoft Windows XP Tablet PC Edition SP2 + Microsoft Windows XP Tablet PC Edition SP2 + Microsoft Windows XP Tablet PC Edition SP1 + Microsoft Windows XP Tablet PC Edition SP1 Microsoft MDAC 2.8 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Advanced Server SP2 + Microsoft Windows 2000 Advanced Server SP2 + Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Datacenter Server SP2 + Microsoft Windows 2000 Datacenter Server SP2 + Microsoft Windows 2000 Datacenter Server SP1 + Microsoft Windows 2000 Datacenter Server SP1 + Microsoft Windows 2000 Datacenter Server + Microsoft Windows 2000 Datacenter Server + Microsoft Windows 2000 Professional SP4 + Microsoft Windows 2000 Professional SP4 + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Professional SP2 + Microsoft Windows 2000 Professional SP2 + Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Server SP4 + Microsoft Windows 2000 Server SP4 + Microsoft Windows 2000 Server SP3 + Microsoft Windows 2000 Server SP3 + Microsoft Windows 2000 Server SP2 + Microsoft Windows 2000 Server SP2 + Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server + Microsoft Windows 2000 Server + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition Microsoft MDAC 2.7 SP1 Microsoft MDAC 2.7 + Microsoft Windows XP Home SP1 + Microsoft Windows XP Home SP1 + Microsoft Windows XP Home SP1 + Microsoft Windows XP Media Center Edition SP1 + Microsoft Windows XP Media Center Edition SP1 + Microsoft Windows XP Media Center Edition SP1 + Microsoft Windows XP Professional SP1 + Microsoft Windows XP Professional SP1 + Microsoft Windows XP Professional SP1 + Microsoft Windows XP Tablet PC Edition SP1 + Microsoft Windows XP Tablet PC Edition SP1 Microsoft MDAC 2.5 SP3 Hitachi HITSENSER5 02-80 Hitachi HITSENSER5 01-10 Hitachi HITSENSER5 01-00 Hitachi DBPARTNER2 Client 01-12 Hitachi DBPARTNER2 Client 01-05 Hitachi DBPARTNER2 Client 01-00 Hitachi DBPARTNER ODBC 01-11 Hitachi DBPARTNER ODBC 01-06 Hitachi DBPARTNER ODBC 01-03 Hitachi DBPARTNER ODBC 01-00 Hitachi DA Broker for ODBC 01-02 Hitachi DA Broker for ODBC 01-00

Not Vulnerable: