One of the recent security bulletins from Microsoft at the time of writing this
chapter was MS07-009, a vulnerability in Microsoft Data Access Components (MDAC).
Reading through the security bulletin??™s vulnerability details, you can find specific reference
to the ADODB.Connection ActiveX control. Microsoft doesn??™t always give as much
technical detail in the bulletin as security researchers would like, but you can always
count on them to be consistent in pointing at least to the affected binary and affected
platforms, as well as providing workarounds. The workarounds listed in the bulletin call
out the clsid (00000514-0000-0010-8000-00AA006D2EA4), but if we want to reproduce
the vulnerability, we need the property name or method name and the arguments
that cause the crash. Let??™s see if AxMan can rediscover the vulnerability for us.
TIP If you??™re going to follow along with this section, you??™ll first want to
disconnect your computer from the Internet because we??™re going to expose
our team machine and your workstation to a critical browse-and-you??™reowned
security vulnerability. There is no known exploit for this vulnerability
as of this writing, but please, please reapply the security update after you??™re done reading.
Pages:
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687