Security Best Practices, Breaking News, & Updates
quote:US-CERT is aware of publicly available exploit code for a vulnerability in the Microsoft ADODB.Connection ActiveX Control. The vulnerability in the ADODB.Connection ActiveX object causes memory corruption, and may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or potentially execute arbitrary code. More information about this vulnerability can be found in the following:
Vulnerability Note VU#589272- ADODB.Connection ActiveX control memory corruption vulnerability
Microsoft Security Bulletin MS07-009 US-CERT recommends the following actions to help mitigate the security risks:
Apply the update as described in Microsoft Security Bulletin MS07-009
Disable the ADODB.Connection ActiveX control in Internet Explorer, as specified in Vulnerability Note VU#589272
For more information on disabling ActiveX, please refer to the Securing Your Web Browser document and the Malicious Web Scripts FAQ.