CVE-2006-5559
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD
Description
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
Affected (4)
Products: Microsoft: Data Access Components
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.5 sp3 |
Configuration B
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows Xp | All versions |
Configuration C
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows 2003 Server | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.7 sp1 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.8 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.8 sp1 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows 2000 | All versions |
References (24)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.