cvelistv5 - cve-2006-5559

CVE-2006-5559 (GCVE-0-2006-5559)

Vulnerability from cvelistv5

Published

2006-10-27 16:00

Modified

2024-08-07 19:55

Severity ?

CWE

Summary

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

References

URL

Tags

	http://securitytracker.com/id?1017127	vdb-entry, x_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009	vendor-advisory, x_refsource_MS
	http://www.securityfocus.com/bid/20704	vdb-entry, x_refsource_BID
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/22452	third-party-advisory, x_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA07-044A.html	third-party-advisory, x_refsource_CERT
	http://research.eeye.com/html/alerts/zeroday/20061027.html	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/589272	third-party-advisory, x_refsource_CERT-VN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/29837	vdb-entry, x_refsource_XF
	http://www.osvdb.org/31882	vdb-entry, x_refsource_OSVDB
	http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/0578	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017127",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017127"
          },
          {
            "name": "MS07-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
          },
          {
            "name": "20704",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20704"
          },
          {
            "name": "oval:org.mitre.oval:def:214",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
          },
          {
            "name": "22452",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22452"
          },
          {
            "name": "TA07-044A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
          },
          {
            "name": "VU#589272",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/589272"
          },
          {
            "name": "ie-adodbconnection-Code-Execution(29837)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
          },
          {
            "name": "31882",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31882"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
          },
          {
            "name": "ADV-2007-0578",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0578"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017127",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017127"
        },
        {
          "name": "MS07-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
        },
        {
          "name": "20704",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20704"
        },
        {
          "name": "oval:org.mitre.oval:def:214",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
        },
        {
          "name": "22452",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22452"
        },
        {
          "name": "TA07-044A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
        },
        {
          "name": "VU#589272",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/589272"
        },
        {
          "name": "ie-adodbconnection-Code-Execution(29837)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
        },
        {
          "name": "31882",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31882"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
        },
        {
          "name": "ADV-2007-0578",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0578"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017127",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017127"
            },
            {
              "name": "MS07-009",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
            },
            {
              "name": "20704",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20704"
            },
            {
              "name": "oval:org.mitre.oval:def:214",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
            },
            {
              "name": "22452",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22452"
            },
            {
              "name": "TA07-044A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
            },
            {
              "name": "http://research.eeye.com/html/alerts/zeroday/20061027.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
            },
            {
              "name": "VU#589272",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/589272"
            },
            {
              "name": "ie-adodbconnection-Code-Execution(29837)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
            },
            {
              "name": "31882",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31882"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
            },
            {
              "name": "ADV-2007-0578",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0578"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5559",
    "datePublished": "2006-10-27T16:00:00.000Z",
    "dateReserved": "2006-10-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T19:55:53.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-085

Vulnerability from certfr_avis

Une vulnérabilité, permettant l'exécution de code arbitraire à distance, existe dans 2 composants ActiveX, Microsoft Data Access Components et Microsoft HTML Help, de Microsoft Windows.

Description

Microsoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant l'affichage des fichiers d'aide au format HTML. Une personne malveillante peut exploiter la vulnérabilité présente dans ce composant ActiveX afin d'exécuter du code arbitraire à distance par le biais d'une page web au format HTML spécialement conçue.

Microsoft Data Access Components (MDAC) est un regroupement de technologies Microsoft facilitant l'accès aux données. Une vulnérabilité présente dans le contrôle ActiveX ADODB.Connection permet à une personne malveillante d'exécuter du code arbitraire à distance par le biais d'un appel spécialement conçu d'une méthode de ce contrôle ActiveX.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Serveur 2003, versions x86 et Itanium.
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletins de sécurités Microsoft MS07-008 et MS07-009 du 13 février 2007	None	vendor-advisory
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Serveur 2003, versions x86 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nMicrosoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant\nl\u0027affichage des fichiers d\u0027aide au format HTML. Une personne\nmalveillante peut exploiter la vuln\u00e9rabilit\u00e9 pr\u00e9sente dans ce composant\nActiveX afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027une\npage web au format HTML sp\u00e9cialement con\u00e7ue.\n\nMicrosoft Data Access Components (MDAC) est un regroupement de\ntechnologies Microsoft facilitant l\u0027acc\u00e8s aux donn\u00e9es. Une vuln\u00e9rabilit\u00e9\npr\u00e9sente dans le contr\u00f4le ActiveX ADODB.Connection permet \u00e0 une personne\nmalveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un\nappel sp\u00e9cialement con\u00e7u d\u0027une m\u00e9thode de ce contr\u00f4le ActiveX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0214"
    },
    {
      "name": "CVE-2006-5559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5559"
    }
  ],
  "initial_release_date": "2007-02-14T00:00:00",
  "last_revision_date": "2007-02-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-009.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-085",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9, permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance,\nexiste dans 2 composants ActiveX, Microsoft Data Access Components et\nMicrosoft HTML Help, de Microsoft Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des composants ActiveX de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9s Microsoft MS07-008 et MS07-009 du 13 f\u00e9vrier 2007",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-5559 (GCVE-0-2006-5559)

Vulnerability from cvelistv5

CERTA-2007-AVI-085

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature