certfr_avis - CERTA-2007-AVI-085

CERTA-2007-AVI-085

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité, permettant l'exécution de code arbitraire à distance, existe dans 2 composants ActiveX, Microsoft Data Access Components et Microsoft HTML Help, de Microsoft Windows.

Description

Microsoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant l'affichage des fichiers d'aide au format HTML. Une personne malveillante peut exploiter la vulnérabilité présente dans ce composant ActiveX afin d'exécuter du code arbitraire à distance par le biais d'une page web au format HTML spécialement conçue.

Microsoft Data Access Components (MDAC) est un regroupement de technologies Microsoft facilitant l'accès aux données. Une vulnérabilité présente dans le contrôle ActiveX ADODB.Connection permet à une personne malveillante d'exécuter du code arbitraire à distance par le biais d'un appel spécialement conçu d'une méthode de ce contrôle ActiveX.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Serveur 2003, versions x86 et Itanium.
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletins de sécurités Microsoft MS07-008 et MS07-009 du 13 février 2007	None	vendor-advisory
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Serveur 2003, versions x86 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nMicrosoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant\nl\u0027affichage des fichiers d\u0027aide au format HTML. Une personne\nmalveillante peut exploiter la vuln\u00e9rabilit\u00e9 pr\u00e9sente dans ce composant\nActiveX afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027une\npage web au format HTML sp\u00e9cialement con\u00e7ue.\n\nMicrosoft Data Access Components (MDAC) est un regroupement de\ntechnologies Microsoft facilitant l\u0027acc\u00e8s aux donn\u00e9es. Une vuln\u00e9rabilit\u00e9\npr\u00e9sente dans le contr\u00f4le ActiveX ADODB.Connection permet \u00e0 une personne\nmalveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un\nappel sp\u00e9cialement con\u00e7u d\u0027une m\u00e9thode de ce contr\u00f4le ActiveX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0214"
    },
    {
      "name": "CVE-2006-5559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5559"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-009.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-085",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9, permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance,\nexiste dans 2 composants ActiveX, Microsoft Data Access Components et\nMicrosoft HTML Help, de Microsoft Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des composants ActiveX de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9s Microsoft MS07-008 et MS07-009 du 13 f\u00e9vrier 2007",
      "url": null
    }
  ]
}

CVE-2007-0214 (GCVE-0-2007-0214)

Vulnerability from cvelistv5 – Published: 2007-02-13 20:00 – Updated: 2024-08-07 12:12

Summary

The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/22478	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1017635	vdb-entryx_refsource_SECTRACK
	http://www.us-cert.gov/cas/techalerts/TA07-044A.html	third-party-advisoryx_refsource_CERT
	http://www.kb.cert.org/vuls/id/563756	third-party-advisoryx_refsource_CERT-VN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/24136	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/31884	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/0577	vdb-entryx_refsource_VUPEN
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:12:17.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22478",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22478"
          },
          {
            "name": "1017635",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017635"
          },
          {
            "name": "TA07-044A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
          },
          {
            "name": "VU#563756",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/563756"
          },
          {
            "name": "oval:org.mitre.oval:def:125",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
          },
          {
            "name": "24136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24136"
          },
          {
            "name": "31884",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31884"
          },
          {
            "name": "ADV-2007-0577",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0577"
          },
          {
            "name": "MS07-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "22478",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22478"
        },
        {
          "name": "1017635",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017635"
        },
        {
          "name": "TA07-044A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
        },
        {
          "name": "VU#563756",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/563756"
        },
        {
          "name": "oval:org.mitre.oval:def:125",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
        },
        {
          "name": "24136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24136"
        },
        {
          "name": "31884",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31884"
        },
        {
          "name": "ADV-2007-0577",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0577"
        },
        {
          "name": "MS07-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0214",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22478",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22478"
            },
            {
              "name": "1017635",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017635"
            },
            {
              "name": "TA07-044A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
            },
            {
              "name": "VU#563756",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/563756"
            },
            {
              "name": "oval:org.mitre.oval:def:125",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
            },
            {
              "name": "24136",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24136"
            },
            {
              "name": "31884",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31884"
            },
            {
              "name": "ADV-2007-0577",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0577"
            },
            {
              "name": "MS07-008",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-0214",
    "datePublished": "2007-02-13T20:00:00",
    "dateReserved": "2007-01-12T00:00:00",
    "dateUpdated": "2024-08-07T12:12:17.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5559 (GCVE-0-2006-5559)

Vulnerability from cvelistv5 – Published: 2006-10-27 16:00 – Updated: 2024-08-07 19:55

Summary

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securitytracker.com/id?1017127	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/20704	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/22452	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA07-044A.html	third-party-advisoryx_refsource_CERT
	http://research.eeye.com/html/alerts/zeroday/2006…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/589272	third-party-advisoryx_refsource_CERT-VN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.osvdb.org/31882	vdb-entryx_refsource_OSVDB
	http://blogs.technet.com/msrc/archive/2006/10/27/…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/0578	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017127",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017127"
          },
          {
            "name": "MS07-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
          },
          {
            "name": "20704",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20704"
          },
          {
            "name": "oval:org.mitre.oval:def:214",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
          },
          {
            "name": "22452",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22452"
          },
          {
            "name": "TA07-044A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
          },
          {
            "name": "VU#589272",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/589272"
          },
          {
            "name": "ie-adodbconnection-Code-Execution(29837)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
          },
          {
            "name": "31882",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31882"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
          },
          {
            "name": "ADV-2007-0578",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0578"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017127",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017127"
        },
        {
          "name": "MS07-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
        },
        {
          "name": "20704",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20704"
        },
        {
          "name": "oval:org.mitre.oval:def:214",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
        },
        {
          "name": "22452",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22452"
        },
        {
          "name": "TA07-044A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
        },
        {
          "name": "VU#589272",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/589272"
        },
        {
          "name": "ie-adodbconnection-Code-Execution(29837)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
        },
        {
          "name": "31882",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31882"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
        },
        {
          "name": "ADV-2007-0578",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0578"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017127",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017127"
            },
            {
              "name": "MS07-009",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
            },
            {
              "name": "20704",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20704"
            },
            {
              "name": "oval:org.mitre.oval:def:214",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
            },
            {
              "name": "22452",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22452"
            },
            {
              "name": "TA07-044A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
            },
            {
              "name": "http://research.eeye.com/html/alerts/zeroday/20061027.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
            },
            {
              "name": "VU#589272",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/589272"
            },
            {
              "name": "ie-adodbconnection-Code-Execution(29837)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
            },
            {
              "name": "31882",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31882"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
            },
            {
              "name": "ADV-2007-0578",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0578"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5559",
    "datePublished": "2006-10-27T16:00:00",
    "dateReserved": "2006-10-27T00:00:00",
    "dateUpdated": "2024-08-07T19:55:53.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2007-AVI-085

Description

Solution

CVE-2007-0214 (GCVE-0-2007-0214)

CVE-2006-5559 (GCVE-0-2006-5559)

Tags

Sightings

Nomenclature