msadcs.dll
----------

CVE Number: 
CVE-1999-1011

Details:
The msadcs.dll file was found on the system. Certain versions of this file
are known to be vulnerable to an attack that can lead to remote compromise
of an NT web server. Vulnerable versions include MDAC 1.5, 2.0, and 2.1
(if not in "Safe" mode).

Fix:
To determine vulnerability, first check for the existence of the following
Registry keys:

  HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory
  HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory
  HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls

Removal of these keys will prevent the remote exploit from working. Second,
check the version of the msdadc.dll and oledb32.dll files loacted in 
%systemroot%\system32\ and compare:

  Msdadc.dll   Oledb32.dll  MDAC Version
  -----------  -----------  ------------
  1.50.3506.0  n/a          1.5c
  2.0+         2.0+         2.0+
  2.1+         2.1+         2.1+

If you have MDAC version 1.5c or 2.0, either remove the appropriate files or
upgrade/patch your system. If you have MDAC version 2.1 or higher, ensure the
following key is set to the value 1:

  HKLM\Software\Microsoft\DataFactory\HandlerInfo\HandlerRequired

For more details please refer to the URLs below.

Related URLs:
http://www.microsoft.com/technet/security/bulletin/ms98-004.asp
http://www.microsoft.com/technet/security/bulletin/ms99-025.asp
http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-07-22&msg=Pine.LNX.4.10.9907231220380.6286-100000@7of9.neohapsis.com
http://www.microsoft.com/technet/security/bulletin/fq99-025.asp

$Id: msadcs,v 1.1 2000/11/06 15:34:20 loveless Exp $
