CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-5559

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.721

EPSS Ranking 98.6%

CVSS Severity

CVSS v2 Score 9.3

References

Products affected by CVE-2006-5559

Microsoft » Data Access Components » Version: 2.5

cpe:2.3:a:microsoft:data_access_components:2.5
Microsoft » Data Access Components » Version: 2.7

cpe:2.3:a:microsoft:data_access_components:2.7
Microsoft » Data Access Components » Version: 2.8

cpe:2.3:a:microsoft:data_access_components:2.8
Microsoft » Windows 2000 » Version: N/A

cpe:2.3:o:microsoft:windows_2000:-
Microsoft » Windows 2003 Server » Version: N/A

cpe:2.3:o:microsoft:windows_2003_server:-
Microsoft » Windows 2003 Server » Version: itanium

cpe:2.3:o:microsoft:windows_2003_server:itanium
Microsoft » Windows Xp » Version: N/A

cpe:2.3:o:microsoft:windows_xp:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-5559

Products

Pricing

Contact Us