Vulnerability Details : CVE-2006-5559
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
Vulnerability category: Input validationExecute codeDenial of service
Products affected by CVE-2006-5559
- cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*When used together with: Microsoft » Windows 2003 Server
- cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5559
96.76%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5559
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2006-5559
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-5559
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009
-
http://www.us-cert.gov/cas/techalerts/TA07-044A.html
US Government Resource
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/29837
-
http://research.eeye.com/html/alerts/zeroday/20061027.html
Patch
-
http://securitytracker.com/id?1017127
Exploit;Patch;Vendor Advisory
-
http://www.kb.cert.org/vuls/id/589272
Patch;US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214
-
http://www.vupen.com/english/advisories/2007/0578
Vendor Advisory
-
http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx
-
http://www.securityfocus.com/bid/20704
Exploit;Patch
Jump to