MS06-014: Vulnerability in MDAC Could Allow Code Execution (911562)

Medium Nessus Plugin ID 21211


A local administrator could elevate his privileges on the remote host, through a flaw in the MDAC server.


The remote Microsoft Data Access Component (MDAC) server is vulnerable to a flaw that could allow a local administrator to elevate his privileges to the 'system' level, thus gaining the complete control over the remote system.


Microsoft has released a set of patches for Windows 2000, XP and 2003.

See Also

Plugin Details

Severity: Medium

ID: 21211

File Name: smb_nt_ms06-014.nasl

Version: $Revision: 1.30 $

Type: local

Agent: windows

Published: 2006/04/11

Modified: 2017/08/10

Dependencies: 13855, 57033

Risk Information

Risk Factor: Medium


Base Score: 5.1

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/04/11

Vulnerability Publication Date: 2006/04/11

Exploitable With


Core Impact

Metasploit (MS06-014 Microsoft Internet Explorer COM CreateObject Code Execution)

Reference Information

CVE: CVE-2006-0003

BID: 17462

OSVDB: 24517

MSFT: MS06-014

MSKB: 911562