7 results (0.004 seconds)

CVSS: 9.3EPSS: 96%CPEs: 13EXPL: 3

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. El objeto de control ActiveX ADODB.Connection 2.7 (ADODB.Connection.2.7) permite a atacantes remotos provocar una denegación de servicio (caída de Internet Explorer) mediante argumentos largos para la función Execute. • https://www.exploit-db.com/exploits/2629 http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx http://research.eeye.com/html/alerts/zeroday/20061027.html http://secunia.com/advisories/22452 http://securitytracker.com/id?1017127 http://www.kb.cert.org/vuls/id/589272 http://www.osvdb.org/31882 http://www.securityfocus.com/bid/20704 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0578 • CWE-20: Improper Input Validation •

CVSS: 5.1EPSS: 96%CPEs: 6EXPL: 3

Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. • https://www.exploit-db.com/exploits/2164 https://www.exploit-db.com/exploits/16561 https://www.exploit-db.com/exploits/2052 http://secunia.com/advisories/19583 http://secunia.com/advisories/20719 http://securitytracker.com/id?1015894 http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html http://www.kb.cert.org/vuls/id/234812 http://www.osvdb.org/24517 http:/ •

CVSS: 10.0EPSS: 42%CPEs: 4EXPL: 0

Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request. Desbordamiento de búfer en un componente de Microsoft Data Access Components (MDAC) 2.5 a 2.8 permite a atacantes remotos ejecutar código arbitrario mediante una respuesta UDP malformada a una petición de difusión. • http://www.kb.cert.org/vuls/id/139150 http://www.osvdb.org/3457 http://www.securityfocus.com/bid/9407 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/14187 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A525 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A553 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 11%CPEs: 15EXPL: 0

Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. Desbordamientos de búfer en cierto componente de Microsoft Data Access Components (MDAC) 2.5 a 2.7 permite a atacantes remotos ejecutar código arbitrario mediante una cierta respuesta a una dirección de multidifusión. • http://marc.info/?l=bugtraq&m=106149556627778&w=2 http://marc.info/?l=ntbugtraq&m=106251069107953&w=2 http://www.securityfocus.com/bid/8455 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6954 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A961 http •

CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0

Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED. • http://www.nextgenss.com/vna/ms-ado.txt http://www.securityfocus.com/bid/4849 https://exchange.xforce.ibmcloud.com/vulnerabilities/10186 •