MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch / RDS Fix – Registry Key

MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch / RDS Fix – Registry Key

漏洞ID 1053415 漏洞类型
发布时间 1999-09-21 更新时间 1999-09-21
图片[1]-MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch / RDS Fix – Registry Key-安全小百科CVE编号 N/A
图片[2]-MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch / RDS Fix – Registry Key-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/19506
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
(MDAC) 2.1.2.4202.3 (GA),Microsoft Windows NT 4.0/alpha/SP1/SP1 alpha/SP2/SP2 alpha/SP3/SP3 alpha/SP4/SP4 alpha/SP5/SP5 alpha/SP6/SP6 alpha JET/ODBC Patch and RDS Fix Registry Key Vulnerabilities

source: http://www.securityfocus.com/bid/654/info

Microsoft has made available fixes for the JET/ODBC and RDS vulnerabilities. These fixes implement specific Registry Key values to restrict "malicious activity". The Registry Keys include:

for JET/ODBC:
HKEY_LOCAL_MACHINESoftwareMicrosoftJet3.5EnginesSandboxMode

for RDS:
HKEY_LOCAL_MACHINESoftwareMicrosoftDataFactoryHandlerInfo
Value: handlerRequired
DWORD=1

The Security Permissions over these Registry Keys are Set to "Everyone:Special Access". Special Access, in these instances, includes 'Set Value'. This permission allows members of the Everyone Group (Domain Users, Users, Guests, etc.) to modify the value of these keys, including the ability to disable the security features which may have been enabled by the administrator. Disabling the Data FactoryHandlerInfo setting ("handlerRequired DWORD=0") may open the host to exploit via the MDAC RDS exploit as described in Bugtraq ID 529 <http://www.securityfocus.com/bid/529.html>. 

Modify the HKEY_Local_MachineSoftwareMicrosoftDataFactoryHandlerInfo Registry Key value "handlerRequired" to DWORD=0

相关推荐: lex routines缓冲区溢出漏洞

lex routines缓冲区溢出漏洞 漏洞ID 1207333 漏洞类型 缓冲区溢出 发布时间 1998-07-06 更新时间 1998-07-06 CVE编号 CVE-1999-1574 CNNVD-ID CNNVD-199807-006 漏洞平台 N/A…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享