Vulnerability in ActiveX Data Objects
By Scott M. Fulton, III, BetaNews
October 27, 2006, 2:42 PM

This morning, Microsoft's Security Response Center acknowledged the discovery of a vulnerability affecting its key ActiveX Data Objects database control, which is enrolled in COM under the handle ADODB.Connection. The vulnerability was apparently discovered by an independent researcher, and was brought to light by US-CERT and SecurityFocus.

ADO was designed to serve as a basic, no-frills sequential database access library that could be called using ordinary scripting languages. Prior to its initial release in the mid-1990s, the library was beta-tested for possible use with distributed Web applications, where a Web page containing a database control console could enable a user to access a database on his local system.

read the full story here: