Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2007-4891
Last Modified 15 Nov 2008 01:58:57
Published 13 Sep 2007 09:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4891

Summary

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

Vulnerable Systems

Application

  • Microsoft Visual Studio 6.0

  • Microsoft Visual Studio 6.0.0.9782


References

BID - 25638

MILW0RM - 4393

OSVDB - 37106

XF - visualstudio-pdwizard-code-execution(36572)

MISC - http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html

SECUNIA - 26779


Last Updated: 27 May 2016 10:45:58