CVE-2006-5559
published 2006-10-27CVE-2006-5559: The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access…
PriorityP268critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
43.79%
98.6th percentile
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | data_access_components | — | — |
| microsoft | data_access_components | — | — |
| microsoft | data_access_components | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor instantiation of ADODB.Connection ActiveX objects (versions 2.7 and 2.8) via script in Internet Explorer, which is the attack vector for this CVE. ↗
- →Detect exploitation attempts by looking for calls to the Execute method on ADODB.Connection ActiveX controls where the second argument is a large or malformed BSTR string (e.g., a string grown in a loop). ↗
- →Flag web pages or scripts that instantiate ADODB.Connection.2.7 or ADODB.Connection.2.8 ActiveX objects and pass string arguments to the Execute method, particularly with strings grown iteratively to large sizes. ↗
- ·The vulnerability affects MDAC versions 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1; systems running these specific versions are in scope for detection. ↗
- ·The PoC was published on 2006-10-24 on milw0rm; detections should account for historically crafted exploit pages from this era. ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-662x-vqg2-x4mr: The Execute method in the ADODB
ghsa_unreviewed·2022-05-01
CVE-2006-5559 [HIGH] CWE-20 GHSA-662x-vqg2-x4mr: The Execute method in the ADODB
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
VulnCheck
Microsoft Windows Improper Input Validation
vulncheck·2006·CVSS 9.3
CVE-2006-5559 [CRITICAL] Microsoft Windows Improper Input Validation
Microsoft Windows Improper Input Validation
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-ve
No detection rules found.
No writeups or analysis indexed.
http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspxhttp://research.eeye.com/html/alerts/zeroday/20061027.htmlhttp://secunia.com/advisories/22452http://securitytracker.com/id?1017127http://www.kb.cert.org/vuls/id/589272http://www.osvdb.org/31882http://www.securityfocus.com/bid/20704http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlhttp://www.vupen.com/english/advisories/2007/0578https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009https://exchange.xforce.ibmcloud.com/vulnerabilities/29837https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspxhttp://research.eeye.com/html/alerts/zeroday/20061027.htmlhttp://secunia.com/advisories/22452http://securitytracker.com/id?1017127http://www.kb.cert.org/vuls/id/589272http://www.osvdb.org/31882http://www.securityfocus.com/bid/20704http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlhttp://www.vupen.com/english/advisories/2007/0578https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009https://exchange.xforce.ibmcloud.com/vulnerabilities/29837https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214
2006-10-27
Published
Exploited in the wild