IIS MDAC ContentLength exploit v1.19 Vulnerability exploited: CAN-2002-1142 - BID-6214 Category: Exploits/Remote This module exploits a buffer overflow and installs a level0 agent into the target host. This module exploits a vulnerability in the MSADCS.DLL library of the Microsoft Data Access Components (MDAC) used by the Microsoft IIS Server.By default remote access to this component is not granted but if the Remote Data Services (RDS) are enabled this exploit could be used to enter into the target machine.This exploit could be also used to escalate privileges in the target machine if the source agent is the same machine.After successful exploitation a level0 agent will be installed. Supported Systems: Windows 2000 Server - sp0 (i386) Windows 2000 Server - sp1 (i386) Windows 2000 Server - sp2 (i386) Windows 2000 Server - sp3 (i386) Windows 2000 Advanced Server - sp0 (i386) Windows 2000 Advanced Server - sp1 (i386) Windows 2000 Advanced Server - sp2 (i386) Windows 2000 Advanced Server - sp3 (i386) Microsoft IIS Server 5.0 with RDS enabled running under Microsoft Windows 2000 Server SP0 Microsoft IIS Server 5.0 with RDS enabled running under Microsoft Windows 2000 Server SP1 Microsoft IIS Server 5.0 with RDS enabled running under Microsoft Windows 2000 Server SP2 Microsoft IIS Server 5.0 with RDS enabled running under Microsoft Windows 2000 Server SP3 Microsoft IIS Server 5.0 with RDS enabled running under Microsoft Windows 2000 Advanced Server SP0 Microsoft IIS Server 5.0 with RDS enabled running under Microsoft Windows 2000 Advanced Server SP1 Microsoft IIS Server 5.0 with RDS enabled running under Microsoft Windows 2000 Advanced Server SP2 Microsoft IIS Server 5.0 with RDS enabled running under Microsoft Windows 2000 Advanced Server SP3 This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.