HTTP: IIS "msadcs.dll" Probe
This signature detects attempts to access msadc libraries in Microsoft IIS. Attackers can obtain and use sensitive information to plan future, more targeted attacks.
Extended Description
MDAC (Microsoft Data Access Components) is a package used to integrate web and database services. It includes a component named RDS (Remote Data Services). RDS allows remote access via the internet to database objects through IIS. Both are included in a default installation of the Windows NT 4.0 Option Pack, but can be excluded via a custom installation. RDS includes a component called the DataFactory object, which has a vulnerability that could allow any web user to: --Obtain unauthorized access to unpublished files on the IIS server --Use MDAC to tunnel ODBC requests through to a remote internal or external location, thereby obtaining access to non-public servers or effectively masking the source of an attack on another network. The main risk in this vulnerability is the following: --If the Microsoft JET OLE DB Provider or Microsoft DataShape Provider are installed, a user could use the shell() VBA command on the server with System privileges. (See the Microsoft JET Database Engine VBA Vulnerability for more information). These two vulnerabilities combined can allow an attacker on the Internet to run arbitrary commands with System level privileges on the target host.
Affected Products
Microsoft data_access_components_(mdac)
Short Name
HTTP:IIS:MSADC-PROBE
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
"msadcs.dll" CVE-1999-1011 IIS Probe bid:529
Release Date
04/25/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0