9.3

CVE-2006-5559

Exploit
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftData Access Components Version2.5 Updatesp3
   MicrosoftWindows 2000 Updatesp4
MicrosoftData Access Components Version2.8 Updatesp1
   MicrosoftWindows Xp Updatesp2
MicrosoftData Access Components Version2.7 Updatesp1
   MicrosoftWindows 2000 Updatesp4
MicrosoftData Access Components Version2.8
   MicrosoftWindows 2000 Updatesp4
MicrosoftData Access Components Version2.8 Updatesp1
   MicrosoftWindows 2000 Updatesp4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 43.79% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.us-cert.gov/cas/techalerts/TA07-044A.html
US Government Resource
http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx
http://research.eeye.com/html/alerts/zeroday/20061027.html
Patch
http://secunia.com/advisories/22452
Vendor Advisory
http://securitytracker.com/id?1017127
Patch
Vendor Advisory
Exploit
http://www.kb.cert.org/vuls/id/589272
Patch
US Government Resource
http://www.osvdb.org/31882
http://www.securityfocus.com/bid/20704
Patch
Exploit
http://www.vupen.com/english/advisories/2007/0578
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009
https://exchange.xforce.ibmcloud.com/vulnerabilities/29837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214