CVE-2006-5559
🔴 Łataj teraz
Błąd w metodzie Execute w ADODB.Connection umożliwia zdalne wywołanie awarii Internet Explorera.
CVSS
9.3
EPSS
72.6%
Exploit
poc
Vendor
microsoft
Opis źródłowy (NVD)
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
dos exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 72.6% |
| Opublikowano (NVD) | 2006-10-27 16:07:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-23 00:35:47 UTC |
Referencje
- http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx (cve@mitre.org)
- http://research.eeye.com/html/alerts/zeroday/20061027.html (cve@mitre.org) [Patch]
- http://secunia.com/advisories/22452 (cve@mitre.org) [Vendor Advisory]
- http://securitytracker.com/id?1017127 (cve@mitre.org) [Exploit, Patch, Vendor Advisory]
- http://www.kb.cert.org/vuls/id/589272 (cve@mitre.org) [Patch, US Government Resource]
- http://www.osvdb.org/31882 (cve@mitre.org)
- http://www.securityfocus.com/bid/20704 (cve@mitre.org) [Exploit, Patch]
- http://www.us-cert.gov/cas/techalerts/TA07-044A.html (cve@mitre.org) [US Government Resource]
- http://www.vupen.com/english/advisories/2007/0578 (cve@mitre.org) [Vendor Advisory]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009 (cve@mitre.org)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29837 (cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214 (cve@mitre.org)