Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:ACTIVEX:MS-MDAC

Severity

 Minor

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Data Access Control ActiveX Remote Code Execution

Release Date

 2007/02/13

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Microsoft Data Access Control ActiveX Remote Code Execution


This signature detects attempts to exploit a known vulnerability against Microsoft Data Access Control ADODB ActiveX. An attacker can create a malicious Web site, which if accessed by a victim, allows the attacker to gain control of the victim's target system.

Extended Description

Microsoft Internet Explorer is prone to a memory-corruption condition when processing a specific method from the 'ADODB.Connection.2.7' instantiated ActiveX Object. Successful exploits may allow attackers to crash the application, denying further service to users. This issue may also be exploited to execute arbitrary machine-code, but this has not been confirmed. This issue does not affect Microsoft Data Access Components 2.8 on Windows Vista.

Affected Products

  • Avaya agent_access
  • Avaya basic_call_management_system_reporting_desktop server
  • Avaya basic_call_management_system_reporting_desktop
  • Avaya cms_supervisor
  • Avaya computer_telephony
  • Avaya contact_center_express
  • Avaya cvlan
  • Avaya enterprise_management
  • Avaya integrated_management
  • Avaya interaction_center
  • Avaya ip_agent
  • Avaya ip_softphone
  • Avaya messaging_application_server
  • Avaya modular_messaging_(mas)
  • Avaya network_reporting
  • Avaya octelaccess(r)_server
  • Avaya octeldesignertm
  • Avaya operational_analyst
  • Avaya outbound_contact_management
  • Avaya s8100_media_servers R10
  • Avaya s8100_media_servers R11
  • Avaya s8100_media_servers R12
  • Avaya s8100_media_servers R6
  • Avaya s8100_media_servers R7
  • Avaya s8100_media_servers R8
  • Avaya s8100_media_servers R9
  • Avaya s8100_media_servers
  • Avaya unified_communication_center
  • Avaya unified_messenger_(r)
  • Avaya visual_messenger_tm
  • Avaya visual_vector_client
  • Avaya vpnmanagertm_console
  • Avaya web_messenger
  • Hp storage_management_appliance 2.1
  • Microsoft data_access_components_(mdac) 2.5 SP3
  • Microsoft data_access_components_(mdac) 2.8
  • Microsoft data_access_components_(mdac) 2.8 SP1
  • Microsoft internet_explorer 6.0
  • Microsoft internet_explorer 6.0 SP1
  • Nortel_networks callpilot 1002Rp
  • Nortel_networks callpilot 200I
  • Nortel_networks callpilot 201I
  • Nortel_networks callpilot 702T
  • Nortel_networks callpilot 703T
  • Nortel_networks centrex_ip_client_manager 2.5.0
  • Nortel_networks centrex_ip_client_manager 7.0.0
  • Nortel_networks centrex_ip_client_manager 8.0.0
  • Nortel_networks centrex_ip_client_manager 9.0
  • Nortel_networks centrex_ip_client_manager
  • Nortel_networks contact_center
  • Nortel_networks contact_center_express
  • Nortel_networks contact_center_manager
  • Nortel_networks contact_center_manager_server
  • Nortel_networks contact_center-tapi_server
  • Nortel_networks symposium_agent
  • Nortel_networks symposium_network_control_center_(ncc)
  • Nortel_networks symposium_tapi_service_provider

References

  • BugTraq: 20704
  • BugTraq: 50305
  • CVE: CVE-2006-5559

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out