CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-4891

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.579

EPSS Ranking 98.0%

CVSS Severity

CVSS v2 Score 6.8

References

http://osvdb.org/37106
http://secunia.com/advisories/26779
http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html
http://www.securityfocus.com/bid/25638
https://exchange.xforce.ibmcloud.com/vulnerabilities/36572
https://www.exploit-db.com/exploits/4393
http://osvdb.org/37106
http://secunia.com/advisories/26779
http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html
http://www.securityfocus.com/bid/25638
https://exchange.xforce.ibmcloud.com/vulnerabilities/36572
https://www.exploit-db.com/exploits/4393

Products affected by CVE-2007-4891

Microsoft » Visual Studio » Version: 6.0

cpe:2.3:a:microsoft:visual_studio:6.0
Microsoft » Visual Studio » Version: 6.0.0.9782

cpe:2.3:a:microsoft:visual_studio:6.0.0.9782

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-4891

Products

Pricing

Contact Us