Harry Waldron - Corporate Security News

New Security Developments, Best Practices, and Important Security Updates

RSS
Atom

Home
Contact

MS07-009: ADODB ActiveX based Exploit Code

Posted Tuesday, March 27, 2007 4:56 PM by hwaldron

The MS07-009 patch should be applied by most companies and home users. However, if someone isn't patched, they should do so quickly in light of this recent development.

http://www.us-cert.gov/current/current_activity.html#ADODBActiveX

quote:

US-CERT is aware of publicly available exploit code for a vulnerability in the Microsoft ADODB.Connection ActiveX Control. The vulnerability in the ADODB.Connection ActiveX object causes memory corruption, and may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or potentially execute arbitrary code.

More information about this vulnerability can be found in the following:

Vulnerability Note VU#589272- ADODB.Connection ActiveX control memory corruption vulnerability

Microsoft Security Bulletin MS07-009

US-CERT recommends the following actions to help mitigate the security risks:

Apply the update as described in Microsoft Security Bulletin MS07-009

Disable the ADODB.Connection ActiveX control in Internet Explorer, as specified in Vulnerability Note VU#589272

Disable ActiveX

For more information on disabling ActiveX, please refer to the Securing Your Web Browser document and the Malicious Web Scripts FAQ.

Comments

No Comments

Harry Waldron - Corporate Security News

Navigation

Archives

MS07-009: ADODB ActiveX based Exploit Code

Comments