Title: Microsoft Windows ADODB.Recordset ActiveX SysFreeString Invalid Length DoS Weakness
Jul 29, 2006
Mar 26, 2007
Feb 13, 2007
Microsoft Windows contains an out-of-bounds read flaw in the ADODB.Recordset ActiveX control that is triggered when when calling the 'NextRecordset' method several times with a long argument. With a specially crafted web page viewed with e.g. Internet Explorer, a context-dependent attacker can crash the browser or potentially disclose memory contents.
Loss of Availability
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.