CVSS: 5.8EPSS: 94%CPEs: 1EXPL: 3CVE-2008-0236 – Microsoft FoxServer - 'vfp6r.dll 6.0.8862.0' ActiveX Command Execution
https://notcve.org/view.php?id=CVE-2008-0236
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method. Un control ActiveX para Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) permite a atacantes remotos ejecutar comandos de su elección invocando el método DoCmd. • https://www.exploit-db.com/exploits/4873 http://secunia.com/advisories/28417 http://shinnai.altervista.org/exploits/txt/TXT_DiWu9j82RCq4zpaQAoxn.html http://www.securityfocus.com/bid/27205 https://exchange.xforce.ibmcloud.com/vulnerabilities/39558 •
CVSS: 7.5EPSS: 65%CPEs: 1EXPL: 3CVE-2007-5322 – Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2007-5322
Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function. El control ActiveX FPOLE.OCX 6.0.8450.0 en Microsoft Visual FoxPro 6.0 permite a atacantes remotos ejecutar programas de su elección especificándolos como un argumento para la función FoxDoCmd. • https://www.exploit-db.com/exploits/4506 http://osvdb.org/38487 http://secunia.com/advisories/27165 http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoCycrnk9l095.html http://www.securityfocus.com/bid/25977 https://exchange.xforce.ibmcloud.com/vulnerabilities/37035 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 96%CPEs: 5EXPL: 2CVE-2007-4790 – Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)
https://notcve.org/view.php?id=CVE-2007-4790
Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function. Desbordamiento de búfer en la región stack de la memoria en ciertos controles ActiveX en las bibliotecas (1) FPOLE. OCX versión 6.0.8450.0 y (2) Foxtlib.ocx, tal y como son usados en Microsoft Visual FoxPro versión 6.0 fpole 1.0 Type Library; e Internet Explorer versiones 5.01, 6 SP1 y SP2, y 7; permiten a atacantes remotos ejecutar código arbitrario por medio de un primer argumento largo en la función FoxDoCmd. • https://www.exploit-db.com/exploits/4369 http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://www.securityfocus.com/bid/25571 http://www.securitytracker.com/id?1019378 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0512/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/36496 https://oval.cisecurity.org/repository/search/definition/oval& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0696
https://notcve.org/view.php?id=CVE-2002-0696
Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames. Microsoft Visual FoxPro 6.0 no registra sus ficheros asociados con Internet Explorer, lo que permite a atacantes remotos ejecutar sin advertencias aplicaciones Visual FoxPro mediante código HTML que hace referencia a nombres de ficheros especialmente creados. • http://www.ciac.org/ciac/bulletins/m-120.shtml http://www.iss.net/security_center/static/10035.php http://www.securityfocus.com/bid/5633 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-049 •