Memory Management Vulnerability in Microsoft ADODB.Connection ActiveX Control
CVE-2006-5559

Currently unrated

Key Information:

Vendor: Microsoft
Status: Data Access Components
Vendor: CVE Published:; 27 October 2006

What is CVE-2006-5559?

The Execute method in the ADODB.Connection ActiveX control does not properly manage freed memory when handling BSTR strings. This flaw can be exploited by remote attackers to trigger a denial of service, resulting in Internet Explorer crashes. Additionally, it may allow for the execution of arbitrary code through carefully crafted arguments in certain scenarios.

References

http://securitytracker.com/id?1017127

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/20704

vdb-entryx_refsource_BID

EPSS Score

72% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 27, 2006
Vulnerability Reserved
Oct 27, 2006