CVE-2006-5559: CVE-2006-5559

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-5559

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft IE ADODB.Connection对象Execute函数内存破坏漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Internet Explorer是微软发布的非常流行的WEB浏览器。 IE中ADODB.Connection ActiveX对象的Execute()函数存在内存破坏漏洞，远程攻击者可以通过诱骗用户访问恶意WEB页面或HTML文档导致浏览器崩溃或执行任意代码。 Execute()函数允许恶意脚本以绕过脚本解释程序内存管理器的方式释放堆内存。Execute的第二个参数是一个变量，传送给了VariantClear,如果变量代表BSTR的话就会使用SysFreeString释放相关的字符串内存。脚本解释程序无法

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2006-5559

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2006-5559

Please Login to view more intelligence information

http://research.eeye.com/html/alerts/zeroday/20061027.htmlx_refsource_MISC
http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspxx_refsource_MISC
http://www.securityfocus.com/bid/20704vdb-entryx_refsource_BID
http://secunia.com/advisories/22452third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1017127vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009vendor-advisoryx_refsource_MS
http://www.kb.cert.org/vuls/id/589272third-party-advisoryx_refsource_CERT-VN
http://www.vupen.com/english/advisories/2007/0578vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214vdb-entrysignaturex_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/29837vdb-entryx_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2006-5559

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2006-5559

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2006-5559

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2006-5559

III. Intelligence Information for CVE-2006-5559

IV. Related Vulnerabilities

V. Comments for CVE-2006-5559

Leave a comment