CVE-2006-5559

CVE Database · CVE-2006-5559

CVE-2006-5559

· N/AModified

CVSS v3.1

N/A

EPSS

40.80%

Published

Oct 27, 2006

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Internet Explorer - ADODB Execute Denial of Service (PoC)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Weaknesses (CWE)

CWE-20

Affected Products (13)

microsoft · windows_2000

microsoft · data_access_componentsvulnerable

microsoft · windows_xp

microsoft · data_access_componentsvulnerable

microsoft · windows_2003_server

microsoft · data_access_componentsvulnerable

microsoft · windows_2000

microsoft · data_access_componentsvulnerable

microsoft · windows_2000