Microsoft IIS MDAC RDS (msadcs.dll) Arbitrary Remote Command Execution

This script is Copyright (C) 2000-2014 Roelof Temmingh <roelof@sensepost.com>


Synopsis :

The remote web server is affected by a remote command execution
vulnerability.

Description :

The web server is probably susceptible to a common IIS vulnerability
discovered by 'Rain Forest Puppy'. This vulnerability enables an
attacker to execute arbitrary commands on the server with
Administrator Privileges.

*** Nessus solely relied on the presence of the file /msadc/msadcs.dll
*** so this might be a false positive

See also :

http://support.microsoft.com/default.aspx?scid=kb
[LN]
184375
http://technet.microsoft.com/en-us/security/bulletin/ms98-004
http://technet.microsoft.com/en-us/security/bulletin/ms99-025

Solution :

Upgrade to MDAC version 2.1 SP2 or higher, as it has been reported to
fix this vulnerability. It is also possible to correct the flaw by
implementing the following workaround: Delete the /msadc virtual
directory in IIS.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10357 ()

Bugtraq ID: 529

CVE ID: CVE-1999-1011