CVE-2007-4790 – Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)
https://notcve.org/view.php?id=CVE-2007-4790
Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.
• https://www.exploit-db.com/exploits/4369
• http://marc.info/?l=bugtraq&m=120361015026386&w=2
• http://www.securityfocus.com/bid/25571
• http://www.securitytracker.com/id?1019378
• http://www.us-cert.gov/cas/techalerts/TA08-043C.html
• http://www.vupen.com/english/advisories/2008/0512/references
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36496
• https://oval.cisecurity.org/repository/search/definition/oval&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-0696
https://notcve.org/view.php?id=CVE-2002-0696
Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.
• http://www.ciac.org/ciac/bulletins/m-120.shtml
• http://www.iss.net/security_center/static/10035.php
• http://www.securityfocus.com/bid/5633
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-049