(MS07-009) Microsoft Windows MDAC ActiveX Vulnerability (927779)

Type: Buffer Overflow
Impact of exploitation: Remote Code Execution
User Interaction: User interaction is needed
Attack Vector: Website with malicious content
Rating: Medium
CVE reference: CVE-2006-5559
Vendor Status: Responded and patched

Vulnerable systems:
Windows XP SP0 - SP2
Windows 2003 SP0 - SP1
Microsoft Data Access Components 2.8
Microsoft Data Access Components 2.8 SP1
Windows 2000 SP4

Summary

A vulnerability in Microsoft Data Access Components may allow for remote code execution. A user would have to visit a malicious Web site for an attack to occur.

Description

Microsoft Data Access Components (MDAC) is a framework that allows data access across various Microsoft technologies. A vulnerability in Microsoft Data Access Components may allow for remote code execution. The vulnerability is a buffer overflow in the ADODB.Connection ActiveX object that can be triggered by a specially crafted Web page. A user would have to visit a malicious Web site for an attack to occur.

McAfee Product Mitigation & Recommendations

Recommendations

Download and install the patch available from Microsoft (927779): http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature: (MS07-009) Microsoft Windows MDAC ActiveX Vulnerability (927779)
Signature identifier: 4725
Release date: 11/2/2006

McAfee Intrushield

McAfee Intrushield is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature: Microsoft Internet Explorer ADODB.connection 0-Day
Signature identifier: 0x4022F000
Release date: 11/14/2006
First released in: sigset 3.1.25

McAfee Host IPS

McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature: [0day] Windows IE ADODB.Connection Vulnerability
Signature identifier: 3779
Release date: 11/14/2006
First released in: Security content update 739

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

McAfee VSE8.0i and MVS are proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature: Buffer Overflow Protection
Release date: 8/30/2004
First released in: build 131

Additional Resources

ADODB.Connection POC Published

http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx

ADODB.Connection ActiveX control unspecified vulnerability

http://www.kb.cert.org/vuls/id/589272

Microsoft Security Bulletin MS07-009: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)

http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx

Timeline

3/26/2007: A proof of concept has been released.
2/13/2007: Vendor has provided a patch.
10/26/2006: Vendor has provided information on the vulnerability.
10/24/2006: Vulnerability information has been publicly disclosed.
10/24/2006: A proof of concept has been released.
