CVE-2006-5559

Currently unrated

Key Information:

Vendor: Microsoft
Status: Data Access Components
Vendor: CVE Published:; 27 October 2006

Summary

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

References

http://securitytracker.com/id?1017127

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/20704

vdb-entryx_refsource_BID

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 27, 2006
Vulnerability Reserved
Oct 27, 2006

Collectors

NVD DatabaseMitre Database