CVE-2007-2216
Microsoft Internet Explorer 5.0.1 - 'TBLinf32.dll' ActiveX Control Remote Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."
El control ActiveX de la biblioteca tblinf32.dll (también conocida como vstlbinf.dll) para Internet Explorer versiones 5.01, 6 SP1 y 7 utiliza una implementación IObjectsafety inapropiada, que permite a los atacantes remotos ejecutar código arbitrario mediante peticiones a la propiedad HelpString, que involucra un argumento de archivo DLL elaborado para la función TypeLibInfoFromFile, que sobrescribe la propiedad HelpStringDll para llamar a la función DLLGetDocumentation en otro archivo DLL, también se conoce como "ActiveX Object Vulnerability."
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-04-24 CVE Reserved
- 2007-05-08 First Exploit
- 2007-08-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-16: Configuration
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1018562 | Vdb Entry | |
| http://www.osvdb.org/36396 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/476742/100/0/threaded | Mailing List | |
| http://www.us-cert.gov/cas/techalerts/TA07-226A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2109 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/30490 | 2007-05-08 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/25289 | 2021-07-23 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26419 | 2021-07-23 | |
| http://www.vupen.com/english/advisories/2007/2869 | 2021-07-23 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7 Search vendor "Microsoft" for product "Internet Explorer" and version "7" | - |
Affected
| ||||||