##############################################################################
#
#  MS Internet Explorer ADODB.Connection Memory Corruption Vulnerability
#
#  Copyright: OS2A and it's member companies
#
#  Date Written: 2006/10/30
#
#  $Revision: 1.2 $
#
#  $Log: os2a_ie_adodb_mem_corruption_601791.nasl,v $
#  Revision 1.2 2007/02/13 23:44:19 schandan
#  Update for MS07-009. Issue #3177
#
#  Revision 1.5 2007/02/13 23:14:48 areddy
#  Issue #3177
#
#  Revision 1.1 2006/10/31 08:31:44 hpavithra
#  To production
#
#  Revision 1.1 2006/10/30 09:21:37 shraddha
#  Issue: #3177
#  ------------------------------------------------------------------------
#  This program was written by OS2A and/or it's member companies and is
#  licensed under the GNU GPL license. Please see below for details. This
#  header contains information regarding licensing terms under the GPL, and
#  information regarding obtaining source code from the Author. Consequently,
#  pursuant to section 3(c) of the GPL, you must accompany the information
#  found in this header with any distribution you make of this Program.
#  ------------------------------------------------------------------------
##############################################################################

# Registration pass: when `description` is set the script only declares its
# metadata (ids, family, report text, dependencies) and exits without
# touching the target.
if (description)
{
  script_id(601791);
  script_version("$Revision: 1.2 $");
  script_bugtraq_id(20704);
  script_cve_id("CVE-2006-5559");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_name(english:"MS Internet Explorer ADODB.Connection Memory Corruption Vulnerability");
  script_summary(english:"Check for vulnerable version of Internet Explorer");
  script_copyright(english:"Copyright (C) 2006 OS2A");

  # Report text shown to the operator. The wording is kept exactly as
  # authored (including the run-together "anerror"); only the line layout
  # is restored here.
  desc_en = "
 MS07-009

 Overview : This host has critical security update missing according to
 Microsoft Bulletin MS07-009.

 These flaws are due to,
 - anerror when processing Execute() method from the ADODB.Connection.2.7
   instantiated ActiveX Object. This can be exploited by convincing a user
   to view a specially crafted HTML document.
 - a remote code execution vulnerability exists in the ADODB.Connection
   ActiveX control that is provided as part of the ActiveX Data Objects (ADO)
   and that is distributed in MDAC.

 Impact : Successful exploitation allows an attacker to crash the explorer
 or possibly execute arbitrary code and to take complete control of an
 affected system.

 Impact of the vulnerability is limited to system level.

 Affected Software :
 MS Internet Explorer 6.x and prior.
 Microsoft Data Access Components 2.5 Service Pack 3
 Microsoft Data Access Components 2.8 Service Pack 1
 Microsoft Data Access Components 2.8

 Affected Platform :
 Microsoft Windows 2000 Service Pack 4 and prior
 Microsoft Windows XP Service Pack 2 and prior
 Microsoft Windows Server 2003.

 Solution : Run Windows Update as soon as possible and install the listed
 hotfixes. If the hotfix mentioned in the advisory is not listed by Windows
 Update, download from the link mentioned in the references and update.
 http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx
 http://www.microsoft.com/windows/ie/default.mspx

 References :
 http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx
 http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx
 http://www.kb.cert.org/vuls/id/589272

 CVSS Score :
 CVSS Base Score : 5.6 (AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
 CVSS Temporal Score : 4.1
 Risk factor : Medium";

  script_description(english:desc_en);

  # Both knowledge-base keys are read by the check below; they are presumably
  # populated by the two dependency scripts -- confirm against those scripts.
  script_dependencies("smb_hotfixes.nasl", "os2a_iexplorer_detect_601624.nasl");
  script_require_keys("SMB/WindowsVersion", "IE/Version");
  exit(0);
}

include("ntlmv2.inc");
include("smb_hotfixes.inc");

# Gate 1: only continue on Windows 2000 / XP / Server 2003 hosts whose service
# pack level is below the given thresholds (hotfix_check_sp returns a value
# <= 0 for every other host).
sp_state = hotfix_check_sp(win2k:5, xp:3, win2003:1);
if (sp_state <= 0)
  exit(0);

# Gate 2: Internet Explorer must have been detected. Only the presence of the
# key is tested; the version value itself is never compared, so the
# "IE 6.x and prior" statement in the report is not enforced here.
ie_detected = get_kb_item("IE/Version");
if (!ie_detected)
  exit(0);

# Patch test: the host is reported when the uninstall entry of KB927779 is
# absent from the registry.
# NOTE(review): this is the only evidence of patch state. No file version of
# the patched component is inspected, so a host that received the fix by a
# route that leaves no such entry (or had the uninstall data removed) would
# still be flagged -- treat a hit as "verify", not as proof.
# cx_registry_key_exists() is not defined in this file; presumably it comes
# from one of the includes above -- confirm.
kb927779_uninstall_key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB927779";
if (cx_registry_key_exists(key:kb927779_uninstall_key))
  exit(0);

security_warning(0);