9.3

CVE-2006-5559

Exploit

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftData Access Components Version2.5 Updatesp3
   MicrosoftWindows 2000 Updatesp4
MicrosoftData Access Components Version2.8 Updatesp1
   MicrosoftWindows Xp Updatesp2
MicrosoftData Access Components Version2.7 Updatesp1
   MicrosoftWindows 2000 Updatesp4
MicrosoftData Access Components Version2.8
   MicrosoftWindows 2000 Updatesp4
MicrosoftData Access Components Version2.8 Updatesp1
   MicrosoftWindows 2000 Updatesp4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 71.16% 0.987
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://securitytracker.com/id?1017127
Patch
Vendor Advisory
Exploit
http://www.kb.cert.org/vuls/id/589272
Patch
US Government Resource