Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2006-5559
HistoryOct 27, 2006 - 4:07 p.m.

CVE-2006-5559

2006-10-2716:07:00
CWE-20
mitre
web.nvd.nist.gov
22
cve-2006-5559
execute method
adodb.connection
activex control
microsoft data access components
mdac
denial of service
arbitrary code
remote attackers

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.968

Percentile

99.7%

JSON

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Affected configurations

Nvd
Node
microsoftwindows_2000sp4
AND
microsoftdata_access_componentsMatch2.5sp3
Node
microsoftwindows_xpsp2
AND
microsoftdata_access_componentsMatch2.8sp1
Node
microsoftwindows_2003_server
OR
microsoftwindows_2003_serverMatchitanium
AND
microsoftdata_access_componentsMatch2.8
Node
microsoftwindows_2000sp4
AND
microsoftdata_access_componentsMatch2.7sp1
Node
microsoftwindows_2000sp4
AND
microsoftdata_access_componentsMatch2.8
Node
microsoftwindows_2000sp4
AND
microsoftdata_access_componentsMatch2.8sp1
VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftdata_access_components2.5cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
microsoftdata_access_components2.8cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
microsoftwindows_2003_serveritaniumcpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
microsoftdata_access_components2.8cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*
microsoftdata_access_components2.7cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*

Related

securityvulns 2
checkpoint_advisories 1
nessus 1
cvelist 1
nvd 1
cert 1
exploitdb 1
securityvulns
securityvulns
Microsoft Security Bulletin MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)
2007-02-13 00:00:00
Microsoft Data Access Components code execution
2007-03-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Data Access ADODB.Connection Object Memory Corruption (MS07-009; CVE-2006-5559)
2007-02-14 00:00:00
nessus
nessus
MS07-009: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)
2007-02-13 00:00:00
cvelist
cvelist
CVE-2006-5559
2006-10-27 16:00:00
nvd
nvd
CVE-2006-5559
2006-10-27 16:07:00
cert
cert
ADODB.Connection ActiveX control memory corruption vulnerability
2006-10-27 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - ADODB Execute Denial of Service (PoC)
2006-10-24 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.968

Percentile

99.7%

JSON
Related for CVE-2006-5559
securityvulns2checkpoint_advisories1nessus1cvelist1nvd1cert1exploitdb1