CVE-2007-4891

Exploit

EPSS 57.93%
Published 14.09.2007 01:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Visual Studio Version6.0

Microsoft ≫ Visual Studio Version6.0.0.9782

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	57.93%	0.98

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://secunia.com/advisories/26779

http://osvdb.org/37106

http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html

http://www.securityfocus.com/bid/25638

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/36572

https://www.exploit-db.com/exploits/4393

https://nvd.nist.gov/vuln/detail/CVE-2007-4891

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4891

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4891

EUVD