MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch / RDS Fix – Registry Key
漏洞ID | 1053415 | 漏洞类型 | |
发布时间 | 1999-09-21 | 更新时间 | 1999-09-21 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
(MDAC) 2.1.2.4202.3 (GA),Microsoft Windows NT 4.0/alpha/SP1/SP1 alpha/SP2/SP2 alpha/SP3/SP3 alpha/SP4/SP4 alpha/SP5/SP5 alpha/SP6/SP6 alpha JET/ODBC Patch and RDS Fix Registry Key Vulnerabilities
source: http://www.securityfocus.com/bid/654/info
Microsoft has made available fixes for the JET/ODBC and RDS vulnerabilities. These fixes implement specific Registry Key values to restrict "malicious activity". The Registry Keys include:
for JET/ODBC:
HKEY_LOCAL_MACHINESoftwareMicrosoftJet3.5EnginesSandboxMode
for RDS:
HKEY_LOCAL_MACHINESoftwareMicrosoftDataFactoryHandlerInfo
Value: handlerRequired
DWORD=1
The Security Permissions over these Registry Keys are Set to "Everyone:Special Access". Special Access, in these instances, includes 'Set Value'. This permission allows members of the Everyone Group (Domain Users, Users, Guests, etc.) to modify the value of these keys, including the ability to disable the security features which may have been enabled by the administrator. Disabling the Data FactoryHandlerInfo setting ("handlerRequired DWORD=0") may open the host to exploit via the MDAC RDS exploit as described in Bugtraq ID 529 <http://www.securityfocus.com/bid/529.html>.
Modify the HKEY_Local_MachineSoftwareMicrosoftDataFactoryHandlerInfo Registry Key value "handlerRequired" to DWORD=0
lex routines缓冲区溢出漏洞 漏洞ID 1207333 漏洞类型 缓冲区溢出 发布时间 1998-07-06 更新时间 1998-07-06 CVE编号 CVE-1999-1574 CNNVD-ID CNNVD-199807-006 漏洞平台 N/A…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666