Info

Disclosure

Jul 29, 2006

Discovery

Unknown

Dates

Exploit

Mar 26, 2007

Solution

Feb 13, 2007

Description

Internet Explorer contains a flaw that may allow a local denial of service. The issue is triggered when opening a web page containing a script which calls the 'ADODB.Recordset' ActiveX object's 'NextRecordset' method several times with a long argument. This will result in an invalid memory access causing the browser to crash.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation

Internet Explorer

References

Bugtraq ID: 19227
CVE ID: 2006-7206 (see also: NVD)
Related OSVDB ID: 27532
Metasploit ID: 27532
ISS X-Force ID: 28066
Milw0rm: 3577
Exploit Database: 3577
Microsoft Knowledge Base Article: 927779
Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html
Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_029.html
News Article: http://www.infoworld.com/article/07/03/26/HNieattackcodeposted_1.html
Keyword: MoBB #29
Microsoft Security Bulletin: MS07-009

Credit

H D Moore - hdmmetasploit.com - DigitalOffense

Direct URL: http://osvdb.org/27532