cbcvebase.
CVE-2006-5559
published 2006-10-27

CVE-2006-5559: The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access…

PriorityP268critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
43.79%
98.6th percentile
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftdata_access_components
microsoftdata_access_components
microsoftdata_access_components

Detection & IOCsextracted from sources · hover to see the quote

otherADODB.Connection.2.7
otherADODB.Connection.2.8
  • Monitor instantiation of ADODB.Connection ActiveX objects (versions 2.7 and 2.8) via script in Internet Explorer, which is the attack vector for this CVE.
  • Detect exploitation attempts by looking for calls to the Execute method on ADODB.Connection ActiveX controls where the second argument is a large or malformed BSTR string (e.g., a string grown in a loop).
  • Flag web pages or scripts that instantiate ADODB.Connection.2.7 or ADODB.Connection.2.8 ActiveX objects and pass string arguments to the Execute method, particularly with strings grown iteratively to large sizes.
  • ·The vulnerability affects MDAC versions 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1; systems running these specific versions are in scope for detection.
  • ·The PoC was published on 2006-10-24 on milw0rm; detections should account for historically crafted exploit pages from this era.

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.