Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4790

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4790
Last Modified 07 Mar 2011 12:00:00
Published 10 Sep 2007 05:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4790

Summary

Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 7

  • Microsoft Internet Explorer 6

  • Microsoft Visual Foxpro 6.0


References

CERT - TA08-043C

XF - foxpro-fpole-activex-bo(36496)

VUPEN - ADV-2008-0512

SECTRACK - 1019378

BID - 25571

MILW0RM - 4369

MS - MS08-010

HP - SSRT080016

HP - HPSBST02314


Last Updated: 27 May 2016 10:47:26