Full exploit code was published for Microsoft Data Access Components vulnerability MS07-009:
“This code exploits a “double free error” in the msado15.dll NextRecordset() function. As a result of double freeing of the same string, rewriting of the Heap Control Block by malicious data is occurring. The technique of exploitation is based on “Lookaside remapping”.”
The original demonstration of this vulnerability occurred on July 29, 2006 in HD Moore’s Month of Browser Bugs.
On February 13, 2007, Microsoft® released patch MS07-009 to address this vulnerability. You should apply this patch immediately, if you have not yet done so.
Affected Software:
• Microsoft Data Access Components 2.5 Service Pack 3 on Microsoft Windows 2000 Service Pack 4
• Microsoft Data Access Components 2.8 Service Pack 1 on Microsoft Windows XP Service Pack 2
• Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003
• Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003 for Itanium-based Systems