Published: 27/10/2006 Updated: 12/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Subscribe to Windows 2000

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote malicious users to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft data_access_components 2.5
microsoft data_access_components 2.8
microsoft data_access_components 2.7

<!-- // Internet Explorer 'ADODBConnection' object 'Execute' Function Vulnerability POC // tested on Windows XP SP1/XP SP2, IE 60 with latest patches installed // Author: YAG KOHHA (skyhole [at] gmailcom) // Greetz: H D Moor, Dark Eagle, str0ke, Maxus, Fuchunic, Offtopic // Access violation at: // -------------------------------------------- ...

CWE-20 http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx http://www.kb.cert.org/vuls/id/589272 http://www.securityfocus.com/bid/20704 http://securitytracker.com/id?1017127 http://research.eeye.com/html/alerts/zeroday/20061027.html http://www.osvdb.org/31882 http://secunia.com/advisories/22452 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0578 https://exchange.xforce.ibmcloud.com/vulnerabilities/29837 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009 https://nvd.nist.gov https://www.exploit-db.com/exploits/2629/https://www.kb.cert.org/vuls/id/589272

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5559

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect