Public exploits available
A remote code execution vulnerability exists in the HTML Help ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited that page.
An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Technical details (analysis)
The ADODB.Connection ActiveX control included in MDAC could, if passed unexpected data, cause Internet Explorer to fail in a way that could allow code execution. An uninitialized variable that is used in certain methods of the HHCtrl ActiveX control can be exploited because proper setup is not done in the object param attributes.
Microsoft Data Access Components 2.5 Service Pack 3 on Microsoft Windows 2000 Service Pack 4
Microsoft Data Access Components 2.8 Service Pack 1 on Microsoft Windows XP Service Pack 2
Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003
Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows XP Professional x64 Edition
Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows Server 2003 Service Pack 1
Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows Server 2003 x64 Edition
Windows Data Access Components 6.0 on Windows Vista
Release Date: 2006-12-12T00:00:00
Known false positives
No known false positives at this time.
Prevent the ADODB.Connection ActiveX Control from running in Internet Explorer.
Unregister the ADO ActiveX controls.
Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.
Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.
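A read-only audit of the first and third mitigations above, as an added example that is not part of the original advisory. It assumes the standard Internet Explorer kill-bit mechanism (bit 0x400 in the "Compatibility Flags" value) and URL action 1200 ("Run ActiveX controls and plug-ins") under the per-user zone keys; the function names are hypothetical, and the CLSID is resolved from the registered ProgID at run time rather than hard-coded.

```powershell
# Added example: read-only check, changes nothing on the host.
function Get-KillBitStatus {
    param([string]$ProgId = 'ADODB.Connection')
    # Resolve the CLSID from the ProgID registration on this host.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $clsidKey)) {
        Write-Warning "ProgID $ProgId is not registered on this host."
        return
    }
    $clsid = (Get-ItemProperty -LiteralPath $clsidKey).'(default)'
    # Check the native and the 32-bit (WOW6432Node) registry views.
    $roots = 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft'
    foreach ($root in $roots) {
        $key = "$root\Internet Explorer\ActiveX Compatibility\$clsid"
        $flags = 0
        $p = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($p) { $flags = $p.'Compatibility Flags' }
        [pscustomobject]@{
            ProgId     = $ProgId
            Clsid      = $clsid
            View       = $root
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = (($flags -band 0x400) -ne 0)   # 0x400 = kill bit
        }
    }
}

function Get-ActiveXZoneAction {
    $zoneNames = @{ 1 = 'Local intranet'; 3 = 'Internet' }
    foreach ($zone in 1, 3) {
        $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$zone"
        $p = Get-ItemProperty -LiteralPath $key -Name '1200' -ErrorAction SilentlyContinue
        # URL action 1200: 0 = enable, 1 = prompt, 3 = disable.
        $state = 'Not set for this user'
        if ($p) {
            switch ($p.'1200') {
                0       { $state = 'Enabled (mitigation not applied)' }
                1       { $state = 'Prompt' }
                3       { $state = 'Disabled' }
                default { $state = "Other value: $($p.'1200')" }
            }
        }
        [pscustomobject]@{ Zone = $zoneNames[$zone]; RunActiveX = $state }
    }
}

Get-KillBitStatus | Format-Table -AutoSize
Get-ActiveXZoneAction | Format-Table -AutoSize
```

Zone settings enforced through Group Policy are stored under the Policies branch of the registry and take precedence over the per-user values read here, so check those as well on managed hosts.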