HTTP: Microsoft Data Access Control ActiveX Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft Data Access Control ADODB ActiveX. An attacker can create a malicious Web site, which if accessed by a victim, allows the attacker to gain control of the victim's target system.
Extended Description
Microsoft Internet Explorer is prone to a memory-corruption condition when processing a specific method from the 'ADODB.Connection.2.7' instantiated ActiveX Object. Successful exploits may allow attackers to crash the application, denying further service to users. This issue may also be exploited to execute arbitrary machine-code, but this has not been confirmed. This issue does not affect Microsoft Data Access Components 2.8 on Windows Vista.
Affected Products
Avaya s8100_media_servers,Nortel_networks centrex_ip_client_manager
Short Name
HTTP:STC:ACTIVEX:MS-MDAC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Access ActiveX CVE-2006-5559 Code Control Data Execution Microsoft Remote bid:20704 bid:50305
Release Date
02/13/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Nortel_networks
Avaya
Microsoft
CVSS Score
9.3