PT-2006-6274 · Microsoft · Adodb.Connection+2

Yag Kohha · Published 2006-10-27 · Updated 2018-10-12 · CVE-2006-5559

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: MDAC versions 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1; ADODB.Connection versions 2.7 and 2.8
Description: The issue is related to the Execute method in the ADODB.Connection ActiveX control objects. It does not properly track freed memory when the second argument is a BSTR. This allows remote attackers to cause a denial of service, such as an Internet Explorer crash, and possibly execute arbitrary code via certain strings in the second and third arguments.
Recommendations: For MDAC versions 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1, consider disabling the Execute method in the ADODB.Connection ActiveX control objects until a patch is available. For ADODB.Connection versions 2.7 and 2.8, restrict access to the Execute method to minimize the risk of exploitation.

Exploit

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2006-5559

Affected products

Adodb.Connection
Internet Explorer
Mdac