MS KB870669: ADODB.Stream object from Internet Explorer
High Nessus Plugin ID 12298
SynopsisThe remote host contains a version of IE which may read and write to local files.
DescriptionThe remote host contains a vulnerability in IE. The ADODB.Stream object can be used by a malicious web page to read and write to local files.
An attacker could use this flaw to gain access to the data on the remote host. To exploit this flaw, an attacker would need to set up a rogue website and lure a user on the remote host into visiting it. If the website contains the proper call to the ADODB object, then it may execute data on the remote host.
SolutionMicrosoft produced a workaround for this problem.