Memory Management Vulnerability in Microsoft ADODB.Connection ActiveX Control
CVE-2006-5559

Currently unrated

Key Information:

Vendor: Microsoft
Status: Data Access Components
Vendor: CVE Published:; 27 October 2006

Summary

The Execute method in the ADODB.Connection ActiveX control does not properly manage freed memory when handling BSTR strings. This flaw can be exploited by remote attackers to trigger a denial of service, resulting in Internet Explorer crashes. Additionally, it may allow for the execution of arbitrary code through carefully crafted arguments in certain scenarios.

References

http://securitytracker.com/id?1017127

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/20704

vdb-entryx_refsource_BID

EPSS Score

72% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 27, 2006
Vulnerability Reserved
Oct 27, 2006