cvelistv5 - cve-2006-5559

CVE-2006-5559 (GCVE-0-2006-5559)

Vulnerability from cvelistv5 – Published: 2006-10-27 16:00 – Updated: 2024-08-07 19:55

Summary

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securitytracker.com/id?1017127	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/20704	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/22452	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA07-044A.html	third-party-advisoryx_refsource_CERT
	http://research.eeye.com/html/alerts/zeroday/2006…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/589272	third-party-advisoryx_refsource_CERT-VN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.osvdb.org/31882	vdb-entryx_refsource_OSVDB
	http://blogs.technet.com/msrc/archive/2006/10/27/…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/0578	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017127",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017127"
          },
          {
            "name": "MS07-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
          },
          {
            "name": "20704",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20704"
          },
          {
            "name": "oval:org.mitre.oval:def:214",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
          },
          {
            "name": "22452",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22452"
          },
          {
            "name": "TA07-044A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
          },
          {
            "name": "VU#589272",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/589272"
          },
          {
            "name": "ie-adodbconnection-Code-Execution(29837)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
          },
          {
            "name": "31882",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31882"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
          },
          {
            "name": "ADV-2007-0578",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0578"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017127",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017127"
        },
        {
          "name": "MS07-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
        },
        {
          "name": "20704",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20704"
        },
        {
          "name": "oval:org.mitre.oval:def:214",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
        },
        {
          "name": "22452",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22452"
        },
        {
          "name": "TA07-044A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
        },
        {
          "name": "VU#589272",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/589272"
        },
        {
          "name": "ie-adodbconnection-Code-Execution(29837)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
        },
        {
          "name": "31882",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31882"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
        },
        {
          "name": "ADV-2007-0578",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0578"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017127",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017127"
            },
            {
              "name": "MS07-009",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
            },
            {
              "name": "20704",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20704"
            },
            {
              "name": "oval:org.mitre.oval:def:214",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
            },
            {
              "name": "22452",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22452"
            },
            {
              "name": "TA07-044A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
            },
            {
              "name": "http://research.eeye.com/html/alerts/zeroday/20061027.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
            },
            {
              "name": "VU#589272",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/589272"
            },
            {
              "name": "ie-adodbconnection-Code-Execution(29837)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
            },
            {
              "name": "31882",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31882"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
            },
            {
              "name": "ADV-2007-0578",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0578"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5559",
    "datePublished": "2006-10-27T16:00:00",
    "dateReserved": "2006-10-27T00:00:00",
    "dateUpdated": "2024-08-07T19:55:53.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"B901D0A6-2F68-4CAC-B985-6A2BA0A1705B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"036C836C-6387-4DAC-96B2-94C979D236E8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0808041A-CE1A-433A-9C2B-019097CCFB0C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F233914-2763-42E8-BCB9-E0D1186783E8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"819DDAAF-D9A3-4540-B467-2A7233D36038\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F233914-2763-42E8-BCB9-E0D1186783E8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"036C836C-6387-4DAC-96B2-94C979D236E8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.\"}, {\"lang\": \"es\", \"value\": \"El objeto de control ActiveX ADODB.Connection 2.7 (ADODB.Connection.2.7) permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda de Internet Explorer) mediante argumentos largos para la funci\\u00f3n Execute.\"}]",
      "evaluatorImpact": "Failed exploit attempts will likely result in an application level denial-of-service condition.",
      "id": "CVE-2006-5559",
      "lastModified": "2024-11-21T00:19:43.753",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-10-27T16:07:00.000",
      "references": "[{\"url\": \"http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://research.eeye.com/html/alerts/zeroday/20061027.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/22452\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017127\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/589272\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/31882\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/20704\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-044A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0578\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29837\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://research.eeye.com/html/alerts/zeroday/20061027.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/22452\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017127\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/589272\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/31882\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20704\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-044A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0578\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-5559\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-10-27T16:07:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.\"},{\"lang\":\"es\",\"value\":\"El objeto de control ActiveX ADODB.Connection 2.7 (ADODB.Connection.2.7) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de Internet Explorer) mediante argumentos largos para la funci\u00f3n Execute.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B901D0A6-2F68-4CAC-B985-6A2BA0A1705B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"036C836C-6387-4DAC-96B2-94C979D236E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0808041A-CE1A-433A-9C2B-019097CCFB0C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F233914-2763-42E8-BCB9-E0D1186783E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"819DDAAF-D9A3-4540-B467-2A7233D36038\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F233914-2763-42E8-BCB9-E0D1186783E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"036C836C-6387-4DAC-96B2-94C979D236E8\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://research.eeye.com/html/alerts/zeroday/20061027.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/22452\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017127\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/589272\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/31882\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20704\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-044A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0578\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29837\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://research.eeye.com/html/alerts/zeroday/20061027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/22452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/589272\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/31882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-044A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"Failed exploit attempts will likely result in an application level denial-of-service condition.\"}}"
  }
}

CERTA-2007-AVI-085

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité, permettant l'exécution de code arbitraire à distance, existe dans 2 composants ActiveX, Microsoft Data Access Components et Microsoft HTML Help, de Microsoft Windows.

Description

Microsoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant l'affichage des fichiers d'aide au format HTML. Une personne malveillante peut exploiter la vulnérabilité présente dans ce composant ActiveX afin d'exécuter du code arbitraire à distance par le biais d'une page web au format HTML spécialement conçue.

Microsoft Data Access Components (MDAC) est un regroupement de technologies Microsoft facilitant l'accès aux données. Une vulnérabilité présente dans le contrôle ActiveX ADODB.Connection permet à une personne malveillante d'exécuter du code arbitraire à distance par le biais d'un appel spécialement conçu d'une méthode de ce contrôle ActiveX.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Serveur 2003, versions x86 et Itanium.
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletins de sécurités Microsoft MS07-008 et MS07-009 du 13 février 2007	None	vendor-advisory
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Serveur 2003, versions x86 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nMicrosoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant\nl\u0027affichage des fichiers d\u0027aide au format HTML. Une personne\nmalveillante peut exploiter la vuln\u00e9rabilit\u00e9 pr\u00e9sente dans ce composant\nActiveX afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027une\npage web au format HTML sp\u00e9cialement con\u00e7ue.\n\nMicrosoft Data Access Components (MDAC) est un regroupement de\ntechnologies Microsoft facilitant l\u0027acc\u00e8s aux donn\u00e9es. Une vuln\u00e9rabilit\u00e9\npr\u00e9sente dans le contr\u00f4le ActiveX ADODB.Connection permet \u00e0 une personne\nmalveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un\nappel sp\u00e9cialement con\u00e7u d\u0027une m\u00e9thode de ce contr\u00f4le ActiveX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0214"
    },
    {
      "name": "CVE-2006-5559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5559"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-009.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-085",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9, permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance,\nexiste dans 2 composants ActiveX, Microsoft Data Access Components et\nMicrosoft HTML Help, de Microsoft Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des composants ActiveX de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9s Microsoft MS07-008 et MS07-009 du 13 f\u00e9vrier 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-085

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité, permettant l'exécution de code arbitraire à distance, existe dans 2 composants ActiveX, Microsoft Data Access Components et Microsoft HTML Help, de Microsoft Windows.

Description

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Serveur 2003, versions x86 et Itanium.
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletins de sécurités Microsoft MS07-008 et MS07-009 du 13 février 2007	None	vendor-advisory
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Serveur 2003, versions x86 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nMicrosoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant\nl\u0027affichage des fichiers d\u0027aide au format HTML. Une personne\nmalveillante peut exploiter la vuln\u00e9rabilit\u00e9 pr\u00e9sente dans ce composant\nActiveX afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027une\npage web au format HTML sp\u00e9cialement con\u00e7ue.\n\nMicrosoft Data Access Components (MDAC) est un regroupement de\ntechnologies Microsoft facilitant l\u0027acc\u00e8s aux donn\u00e9es. Une vuln\u00e9rabilit\u00e9\npr\u00e9sente dans le contr\u00f4le ActiveX ADODB.Connection permet \u00e0 une personne\nmalveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un\nappel sp\u00e9cialement con\u00e7u d\u0027une m\u00e9thode de ce contr\u00f4le ActiveX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0214"
    },
    {
      "name": "CVE-2006-5559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5559"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-009.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-085",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9, permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance,\nexiste dans 2 composants ActiveX, Microsoft Data Access Components et\nMicrosoft HTML Help, de Microsoft Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des composants ActiveX de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9s Microsoft MS07-008 et MS07-009 du 13 f\u00e9vrier 2007",
      "url": null
    }
  ]
}

GSD-2006-5559

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-5559

Aliases

CVE-2006-5559

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5559",
    "description": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.",
    "id": "GSD-2006-5559"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5559"
      ],
      "details": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.",
      "id": "GSD-2006-5559",
      "modified": "2023-12-13T01:19:56.008935Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-5559",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1017127",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017127"
          },
          {
            "name": "MS07-009",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
          },
          {
            "name": "20704",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20704"
          },
          {
            "name": "oval:org.mitre.oval:def:214",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
          },
          {
            "name": "22452",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22452"
          },
          {
            "name": "TA07-044A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
          },
          {
            "name": "http://research.eeye.com/html/alerts/zeroday/20061027.html",
            "refsource": "MISC",
            "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
          },
          {
            "name": "VU#589272",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/589272"
          },
          {
            "name": "ie-adodbconnection-Code-Execution(29837)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
          },
          {
            "name": "31882",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/31882"
          },
          {
            "name": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx",
            "refsource": "MISC",
            "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
          },
          {
            "name": "ADV-2007-0578",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0578"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5559"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
            },
            {
              "name": "VU#589272",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/589272"
            },
            {
              "name": "20704",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/20704"
            },
            {
              "name": "1017127",
              "refsource": "SECTRACK",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://securitytracker.com/id?1017127"
            },
            {
              "name": "http://research.eeye.com/html/alerts/zeroday/20061027.html",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
            },
            {
              "name": "31882",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/31882"
            },
            {
              "name": "22452",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22452"
            },
            {
              "name": "TA07-044A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
            },
            {
              "name": "ADV-2007-0578",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0578"
            },
            {
              "name": "ie-adodbconnection-Code-Execution(29837)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
            },
            {
              "name": "oval:org.mitre.oval:def:214",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
            },
            {
              "name": "MS07-009",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:41Z",
      "publishedDate": "2006-10-27T16:07Z"
    }
  }
}

GHSA-662X-VQG2-X4MR

Vulnerability from github – Published: 2022-05-01 07:29 – Updated: 2022-05-01 07:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5559"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-10-27T16:07:00Z",
    "severity": "HIGH"
  },
  "details": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.",
  "id": "GHSA-662x-vqg2-x4mr",
  "modified": "2022-05-01T07:29:38Z",
  "published": "2022-05-01T07:29:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5559"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
    },
    {
      "type": "WEB",
      "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22452"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017127"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/589272"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/31882"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20704"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0578"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-5559

Vulnerability from fkie_nvd - Published: 2006-10-27 16:07 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx
cve@mitre.org	http://research.eeye.com/html/alerts/zeroday/20061027.html	Patch
cve@mitre.org	http://secunia.com/advisories/22452	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017127	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/589272	Patch, US Government Resource
cve@mitre.org	http://www.osvdb.org/31882
cve@mitre.org	http://www.securityfocus.com/bid/20704	Exploit, Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-044A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0578	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29837
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx
af854a3a-2127-422b-91ae-364da2661108	http://research.eeye.com/html/alerts/zeroday/20061027.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22452	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017127	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/589272	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/31882
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20704	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-044A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0578	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29837
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214

Impacted products

Vendor	Product	Version
microsoft	windows_2000	*
microsoft	data_access_components	2.5
microsoft	windows_xp	*
microsoft	data_access_components	2.8
microsoft	windows_2003_server	*
microsoft	windows_2003_server	itanium
microsoft	data_access_components	2.8
microsoft	windows_2000	*
microsoft	data_access_components	2.7
microsoft	windows_2000	*
microsoft	data_access_components	2.8
microsoft	windows_2000	*
microsoft	data_access_components	2.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B901D0A6-2F68-4CAC-B985-6A2BA0A1705B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "036C836C-6387-4DAC-96B2-94C979D236E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*",
              "matchCriteriaId": "0808041A-CE1A-433A-9C2B-019097CCFB0C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F233914-2763-42E8-BCB9-E0D1186783E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "819DDAAF-D9A3-4540-B467-2A7233D36038",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F233914-2763-42E8-BCB9-E0D1186783E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "036C836C-6387-4DAC-96B2-94C979D236E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
    },
    {
      "lang": "es",
      "value": "El objeto de control ActiveX ADODB.Connection 2.7 (ADODB.Connection.2.7) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de Internet Explorer) mediante argumentos largos para la funci\u00f3n Execute."
    }
  ],
  "evaluatorImpact": "Failed exploit attempts will likely result in an application level denial-of-service condition.",
  "id": "CVE-2006-5559",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-10-27T16:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22452"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1017127"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/589272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/31882"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20704"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0578"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1017127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/589272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/31882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-5559 (GCVE-0-2006-5559)

CERTA-2007-AVI-085

Description

Solution

CERTA-2007-AVI-085

Description

Solution

GSD-2006-5559

GHSA-662X-VQG2-X4MR

FKIE_CVE-2006-5559

Tags

Sightings

Nomenclature