9.3
CVE-2006-5559
- EPSS 43.79%
- Veröffentlicht 27.10.2006 16:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Data Access Components Version2.5 Updatesp3
Microsoft ≫ Data Access Components Version2.8 Updatesp1
Microsoft ≫ Data Access Components Version2.8
Microsoft ≫ Data Access Components Version2.7 Updatesp1
Microsoft ≫ Data Access Components Version2.8
Microsoft ≫ Data Access Components Version2.8 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 43.79% | 0.986 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.us-cert.gov/cas/techalerts/TA07-044A.html
http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx
http://research.eeye.com/html/alerts/zeroday/20061027.html
http://secunia.com/advisories/22452
http://securitytracker.com/id?1017127
http://www.kb.cert.org/vuls/id/589272
http://www.osvdb.org/31882
http://www.securityfocus.com/bid/20704
http://www.vupen.com/english/advisories/2007/0578
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009
https://exchange.xforce.ibmcloud.com/vulnerabilities/29837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214