Threat Level: green Handler on Duty: Russ McRee

SANS ISC: ADODB.connection Vuln - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ADODB.connection Vuln
A recently discovered vulnerability in ADODB.connection has a proof of concept exploit. Microsoft has mentioned it in their blog. William believes this will be the 'drive by' threat vector of the next little while. This particular threat impact is remote code execution of choice.

The code creates new ActiveXObject('ADODB.Connection.2.7') and then executes a number of times. The PoC is a Denial of Service, but it is just a question of time until a working version with shellcode is out (if not already).

Mitigation: Disable ActiveX completely, or only allow it in trusted zones
US-CERT has published a note here. "The ADODB.Connection ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
    {00000514-0000-0010-8000-00AA006D2EA4} "

Cheers,
Adrien de Beaupré
(Only in Canada eh?)
BSSI/Cinnabar Networks
Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!