Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:ACTIVEX:MS-MDAC

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Data Access Control ActiveX Remote Code Execution

Release Date

 2007/02/13

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Data Access Control ActiveX Remote Code Execution


This signature detects attempts to exploit a known vulnerability against Microsoft Data Access Control ADODB ActiveX. An attacker can create a malicious Web site, which if accessed by a victim, allows the attacker to gain control of the victim's target system.

Extended Description

Microsoft Internet Explorer is prone to a memory-corruption condition when processing a specific method from the 'ADODB.Connection.2.7' instantiated ActiveX Object. Successful exploits may allow attackers to crash the application, denying further service to users. This issue may also be exploited to execute arbitrary machine-code, but this has not been confirmed. This issue does not affect Microsoft Data Access Components 2.8 on Windows Vista.

Affected Products

  • Avaya Agent Access
  • Avaya Basic Call Management System Reporting Desktop server
  • Avaya Basic Call Management System Reporting Desktop
  • Avaya CMS Supervisor
  • Avaya Computer Telephony
  • Avaya Contact Center Express
  • Avaya CVLAN
  • Avaya Enterprise Management
  • Avaya Integrated Management
  • Avaya Interaction Center
  • Avaya IP Agent
  • Avaya IP Softphone
  • Avaya Messaging Application Server
  • Avaya Modular Messaging (MAS)
  • Avaya Network Reporting
  • Avaya OctelAccess(r) Server
  • Avaya OctelDesignerTM
  • Avaya Operational Analyst
  • Avaya Outbound Contact Management
  • Avaya S8100 Media Servers R10
  • Avaya S8100 Media Servers R11
  • Avaya S8100 Media Servers R12
  • Avaya S8100 Media Servers R6
  • Avaya S8100 Media Servers R7
  • Avaya S8100 Media Servers R8
  • Avaya S8100 Media Servers R9
  • Avaya S8100 Media Servers
  • Avaya Unified Communication Center
  • Avaya Unified Messenger (r)
  • Avaya Visual Messenger TM
  • Avaya Visual Vector Client
  • Avaya VPNmanagerTM Console
  • Avaya Web Messenger
  • HP Storage Management Appliance 2.1
  • Microsoft Data Access Components (MDAC) 2.5 SP3
  • Microsoft Data Access Components (MDAC) 2.8
  • Microsoft Data Access Components (MDAC) 2.8 SP1
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1
  • Nortel Networks CallPilot 1002Rp
  • Nortel Networks CallPilot 200I
  • Nortel Networks CallPilot 201I
  • Nortel Networks CallPilot 702T
  • Nortel Networks CallPilot 703T
  • Nortel Networks Centrex IP Client Manager 2.5.0
  • Nortel Networks Centrex IP Client Manager 7.0.0
  • Nortel Networks Centrex IP Client Manager 8.0.0
  • Nortel Networks Centrex IP Client Manager 9.0
  • Nortel Networks Centrex IP Client Manager
  • Nortel Networks Contact Center
  • Nortel Networks Contact Center Express
  • Nortel Networks Contact Center Manager
  • Nortel Networks Contact Center Manager Server
  • Nortel Networks Contact Center - TAPI Server
  • Nortel Networks Symposium Agent
  • Nortel Networks Symposium Network Control Center (NCC)
  • Nortel Networks Symposium TAPI Service Provider

References

  • BugTraq: 50305
  • BugTraq: 20704
  • CVE: CVE-2006-5559

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out