CVE-2007-4891
Microsoft Visual Studio 6.0 - 'PDWizard.ocx' Remote Command Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
Un determinado control ActiveX de PDWizard.ocx 6.0.0.9782 y versiones anteriores de Microsoft Visual Studio 6.0 expone métodos peligrosos (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, y (6) CABRunFile, lo cual permite a atacantes remotos ejecutar programas de su elección y tener otros impactos, como se demuestra utilizando nombre de ruta absoluta en argumentos a StartProcess y SyncShell.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-09-13 CVE Reserved
- 2007-09-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/37106 | Vdb Entry | |
| http://secunia.com/advisories/26779 | Third Party Advisory | |
| http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36572 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4393 | 2024-08-07 | |
| http://www.securityfocus.com/bid/25638 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Visual Studio Search vendor "Microsoft" for product "Visual Studio" | 6.0 Search vendor "Microsoft" for product "Visual Studio" and version "6.0" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio Search vendor "Microsoft" for product "Visual Studio" | 6.0.0.9782 Search vendor "Microsoft" for product "Visual Studio" and version "6.0.0.9782" | - |
Affected
| ||||||