MitreCVELIST:CVE-2006-5559CVE-2006-5559
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
References
blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx
research.eeye.com/html/alerts/zeroday/20061027.html
secunia.com/advisories/22452
securitytracker.com/id?1017127
www.kb.cert.org/vuls/id/589272
www.osvdb.org/31882
www.securityfocus.com/bid/20704
www.us-cert.gov/cas/techalerts/TA07-044A.html
www.vupen.com/english/advisories/2007/0578
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009
exchange.xforce.ibmcloud.com/vulnerabilities/29837
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214
Related
