CVE-1999-1011

Microsoft Data Access Components - Access Control

Title source: rule

Description

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

Exploits (3)

exploitdb WORKING POC VERIFIED

by rain forest puppy · perlremotewindows

https://www.exploit-db.com/exploits/19424

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Wanderley J. Abreu Jr · textlocalwindows

https://www.exploit-db.com/exploits/19425

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/msadc.rb

View Code ZIP pw:eip

References (5)

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/j-054.shtml

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004

[Third Party Advisory, VDB Entry] https://www.securityfocus.com/bid/529

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025

[Third Party Advisory, VDB Entry] http://www.osvdb.org/272

Scores

EPSS 0.7930

EPSS Percentile 99.1%

Details

CWE

CWE-264

Status published

Products (7)

microsoft/data_access_components 1.5

microsoft/data_access_components 2.0

microsoft/data_access_components 2.1

microsoft/index_server 2.0

microsoft/internet_information_server 3.0

microsoft/internet_information_server 4.0

microsoft/site_server 3.0

Published Jul 19, 1999

Tracked Since Feb 18, 2026