Turkish hacker.

I don't think most web site admins are going to have the option to disable ADODB.Stream as it would probably have to be disabled for entire server hosting hundreds of other sites.

However, I think the security flaws in ADODB.Stream actually compromise the client when combined with flaws with Internet Explorer. The ADODB.Stream/IE security flaws allow a web page to execute script on the client machine in the Local Machine internet zone.

The Turkish hacker utility that I've seen doesn't exploit any unintentional security bugs or flaws. It will work on ANY server that uses ANY enabled version of the ADODB.Stream and no correction of unintensional flaws therein will hinder this hacker utility. Only server administrators using best practice security configurations can stop this utility from working.

Even a flawed ADODB.Stream is working with the security rights of the anonymous web user, so ADODB.Stream can be used to upload files ONLY to folders to which the anonymous user has such permission.

Of course, there are always other security flaws and poor server configurations that could be exploited to change that, but WWF is required or even useful for any of this hacking. And don't let your host tell you that by using WWF, it was your fault that the server was compromised.