| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS07-009 | Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) | Microsoft Data | Critical | 14-02-2007 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in the ADODB.Connection ActiveX control that is provided as part of the ActiveX Data Objects (ADO) and that is distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Detailed Information on the risk:
This vulnerability involves a long string passed to the ADOBDB.Connection ActiveX control that ships with MDAC.Further information on this exploit is available at : MS07-009
Affected Software
Microsoft Data Access Components 2.5 Service Pack 3 on Microsoft Windows 2000 Service Pack 4Microsoft Data Access Components 2.8 Service Pack 1 on Microsoft Windows XP Service Pack 2
Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003
Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003 for Itanium-based Systems