SANS ISC: InfoSec Handlers Diary Blog - ADODB.connection Vuln


ADODB.connection Vuln

Published: 2006-10-27
Last Updated: 2006-10-27 18:50:51 UTC
by Adrien de Beaupre (Version: 1)
A proof-of-concept exploit is available for a recently discovered vulnerability in ADODB.connection. Microsoft has mentioned it in their blog. William believes this will be the 'drive by' threat vector of the next little while. The impact of this particular threat is remote execution of code of the attacker's choice.

The code creates new ActiveXObject('ADODB.Connection.2.7') and then executes a number of times. The PoC is a Denial of Service, but it is just a question of time until a working version with shellcode is out (if not already).

Mitigation: Disable ActiveX completely, or only allow it in trusted zones.
US-CERT has published a note here. "The ADODB.Connection ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
    {00000514-0000-0010-8000-00AA006D2EA4} "

Cheers,
Adrien de Beaupré
(Only in Canada eh?)
BSSI/Cinnabar Networks