Computer Security

Forum
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Data Access Components code execution
updated since 13.02.2007
Published:26.03.2007
Source:MICROSOFT
SecurityVulns ID:7227
Type:client
Level:7/10
Description:ADODB.Connection NextRecordset() / Execute() double free() vulnerability. Can be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Microsoft Data Access Components 2.5
 MICROSOFT : Microsoft Data Access Components 2.8
CVE:CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.)
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) (13.02.2007)
Files:Microsoft Internet Explorer ADODB.Recordset Double Free Memory Exploit (ms07-009)
 Microsoft Security Bulletin MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)
Discuss:Read or add your comments to this news (1 comments)

  asd: sa  25.10.2007 2:22:43
 sad
Show Threads
Messages
 
Login:* (Register)
Password:*
(private) To:
(reply) Subject:*
Text:

Main Forum (Eng)

General security questions not appropriate for another forums. 		3proxy Forum (Eng)

All 3proxy question must be posted to this forum. 		Bugs, Vulnerabilities, PoCs and Exploits (Eng)

All vulnerability related questions, vulnerability digging and exploit creation. 		Windows programming and administration (Eng)

Administering Windows and application development. 		Unix programming and administation (Eng)

Administering Unix and application development. 		Test forum

Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)
 3proxy Forum (Rus)
 Bugs, Vulnerabilities, PoCs and Exploits (Rus)
 Windows programming and administration (Rus)
 Unix programming and administation (Rus)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru