ADODB.Stream Object From Internet Explorer (KB870669) Network Vulnerability

Summary

An ADO stream object represents a file in memory. The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone. This behavior occurs because the ADODB.Stream object permits access to the hard disk when the ADODB.Stream object is hosted in Internet Explorer.

Solution

http://support.microsoft.com/?kbid=870669

Severity

Classification

CVSS	Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
Microsoft .NET Framework Multiple Vulnerabilities (2916607)
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
Flaw in Microsoft VM Could Allow Code Execution (810030)

ADODB.Stream object from Internet Explorer (KB870669)

Take action and discover your vulnerabilities