Summary
An ADO stream object represents a file in memory. The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone.
This behavior occurs because the ADODB.Stream object permits access to the hard disk when the ADODB.Stream object is hosted in Internet Explorer.
Solution
http://support.microsoft.com/?kbid=870669
Severity
Classification
- CVSS Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- Microsoft Comctl32 Integer Overflow Vulnerability (2864058)
- Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
- Cumulative Security Update for Internet Explorer (972260)
- Cumulative Security Update for Internet Explorer (928090)
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)