Microsoft IIS MDAC RDS (msadcs.dll) Arbitrary Remote Command Execution

critical Nessus Plugin ID 10357

Synopsis

The remote web server is affected by a remote command execution vulnerability.

Description

The web server is probably susceptible to a common IIS vulnerability discovered by 'Rain Forest Puppy'. This vulnerability enables an attacker to execute arbitrary commands on the server with Administrator Privileges.

*** Nessus solely relied on the presence of the file /msadc/msadcs.dll
*** so this might be a false positive

Solution

Upgrade to MDAC version 2.1 SP2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Delete the /msadc virtual directory in IIS.

See Also

http://support.microsoft.com/default.aspx?scid=kb;[LN];184375

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/1998/ms98-004

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/1999/ms99-025

Plugin Details

Severity: Critical

ID: 10357

File Name: msadcs_dll.nasl

Version: 1.40

Type: remote

Family: Web Servers

Published: 4/1/2000

Updated: 6/12/2020

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: www/iis, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/19/1999

Exploitable With

Metasploit (MS99-025 Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution)

Reference Information

CVE: CVE-1999-1011

BID: 529

CWE: 264

MSFT: MS98-004, MS99-025

MSKB: 184375