
SANS ISC: ADODB.connection Vuln SANS ISC InfoSec Forums

ADODB.connection Vuln
A proof-of-concept exploit exists for a recently discovered vulnerability in ADODB.connection. Microsoft has mentioned it in their blog. William believes this will be the 'drive by' threat vector of the next little while. The impact of this particular threat is remote execution of code of the attacker's choice.

The code creates new ActiveXObject('ADODB.Connection.2.7') and then executes a number of times. The PoC is a Denial of Service, but it is just a question of time until a working version with shellcode is out (if not already).

Mitigation: Disable ActiveX completely, or only allow it in trusted zones.
US-CERT has published a note here. "The ADODB.Connection ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
    {00000514-0000-0010-8000-00AA006D2EA4}"

Adrien de Beaupré
(Only in Canada eh?)
BSSI/Cinnabar Networks

Oct 27th 2006
