CVE-2007-0827
Alibaba Alipay - Remove ActiveX Remote Code Execution
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.
El control ActiveX de Alibaba Alipay PTA Module (PTA.DLL), permite a atacantes remotos ejecutar código arbitrario por medio de una función JavaScript que invoca el método Remove con un argumento index no válido, que es usado como un desplazamiento para una llamada de función.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-02-07 CVE Reserved
- 2007-02-07 CVE Published
- 2024-05-13 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052250.html | Mailing List | |
| http://osvdb.org/33123 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32367 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/3279 | 2024-08-07 | |
| http://www.securityfocus.com/bid/22446 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/24063 | 2017-10-19 | |
| http://www.vupen.com/english/advisories/2007/0520 | 2017-10-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Alibaba Search vendor "Alibaba" | Alipay Activex Control Search vendor "Alibaba" for product "Alipay Activex Control" | <= 2.4.2.471 Search vendor "Alibaba" for product "Alipay Activex Control" and version " <= 2.4.2.471" | - |
Affected
| ||||||