CVE-1999-1011

Microsoft Data Access Components - Remote Code Execution via RDS DataFactory

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-1999-1011. PoCs published by rain forest puppy, Wanderley J. Abreu Jr, including Metasploit module exploits/windows/iis/msadc.

AI-analyzed exploit summary This Perl script exploits CVE-1999-1011, a vulnerability in Microsoft Data Access Components (MDAC) RDS, allowing arbitrary command execution via the DataFactory or VbBusObj objects. It automates the process of querying and exploiting vulnerable systems, including UNC path support and Index Server table dumps.

Description

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

Exploits (3)

exploitdb WORKING POC VERIFIED
by rain forest puppy · perlremotewindows
https://www.exploit-db.com/exploits/19424

This Perl script exploits CVE-1999-1011, a vulnerability in Microsoft Data Access Components (MDAC) RDS, allowing arbitrary command execution via the DataFactory or VbBusObj objects. It automates the process of querying and exploiting vulnerable systems, including UNC path support and Index Server table dumps.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Data Access Components (MDAC) with RDS, Windows NT 4.0 Option Pack
No auth needed
Prerequisites: Target must have MDAC with RDS enabled · Access to vulnerable IIS server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Wanderley J. Abreu Jr · textlocalwindows
https://www.exploit-db.com/exploits/19425

This is a technical writeup describing the RDS (Remote Data Services) vulnerability in Microsoft Data Access Components (MDAC), which allows unauthorized file access and command execution via the DataFactory object. It explains the exploitation process but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Data Access Components (MDAC) with RDS
Auth required
Prerequisites: Valid DSN, User ID, and Password for ODBC connection · Microsoft JET OLE DB Provider or Microsoft DataShape Provider installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/msadc.rb

This Metasploit module exploits CVE-1999-1011, a vulnerability in Microsoft IIS MDAC msadcs.dll RDS service, allowing arbitrary remote command execution via VbBusObj or AdvancedDataFactory. It leverages command injection into Microsoft Access databases, MSSQL, or ODBC/JET DSN.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft IIS with MDAC (1.5, 2.0, 2.0 SDK, 2.1) and RDS enabled
No auth needed
Prerequisites: Target must expose /msadc/msadcs.dll · RDS service must be accessible · Vulnerable MDAC version installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
https://www.securityfocus.com/bid/529
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/272
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/j-054.shtml

Scores

EPSS 0.7714
EPSS Percentile 99.5%

Details

CWE
CWE-264
Status published
Products (7)
microsoft/data_access_components 1.5
microsoft/data_access_components 2.0
microsoft/data_access_components 2.1
microsoft/index_server 2.0
microsoft/internet_information_server 3.0
microsoft/internet_information_server 4.0
microsoft/site_server 3.0
Published Jul 19, 1999
Tracked Since Feb 18, 2026