Computer Security


Microsoft Data Access Components code execution
updated since 13.02.2007
Published: 26.03.2007
Source:
SecurityVulns ID: 7227
Type: client
Threat Level: 7/10
Description: ADODB.Connection NextRecordset() / Execute() double free() vulnerability. Can be used for hidden malware installation.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Microsoft Data Access Components 2.5
 MICROSOFT : Microsoft Data Access Components 2.8
CVE: CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.)
Original document: MICROSOFT, Microsoft Security Bulletin MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) (13.02.2007)
Files: Microsoft Internet Explorer ADODB.Recordset Double Free Memory Exploit (ms07-009)
 Microsoft Security Bulletin MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod