This policy has been updated to include detection of a newly discovered vulnerability in Microsoft Data Access Components (MDAC). MDAC ships by default with all versions of Windows 2000 and IIS web server.

Download ITA - IIS Vulnerable CGI Policy
Read ITA ISAPI Installation instructions

Affected Platforms

Windows 2000, Windows NT Agents

Description

Microsoft Data Access Components (MDAC) contains a buffer overflow in a Remote Data Services (RDS) component. The server side RDS component affected is called the RDS Data Stub, while the client side is called the Data Space control.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, or at the very least, cause a denial of service.

While this vulnerability affects Internet Explorer 6, Windows XP users are not at risk.

Policy rules include:

• MDAC Component Query
  CAN-2002-1142; BID 6214. Microsoft Data Access Components contain a buffer overflow in a Remote Data Services component. The server side RDS component affected is called the RDS Data Stub, while the client side is called the Data Space control.