CVE-2007-4254 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Visual Database Tools Database Designer Visual Studio

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:visual_database_tools_database_designer:7.0:::::::*
	cpe:2.3:a:microsoft:visual_studio:6.0:::::::*

No data.

References

Link	Providers
http://osvdb.org/41080
https://www.exploit-db.com/exploits/4259

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-08T23:00:00

Updated: 2024-08-07T14:46:39.448Z

Reserved: 2007-08-08T00:00:00

Link: CVE-2007-4254

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-08-08T23:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4254

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "41080", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41080"}, {"name": "4259", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4259"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4254", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "41080", "refsource": "OSVDB", "url": "http://osvdb.org/41080"}, {"name": "4259", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4259"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.448Z"}, "title": "CVE Program Container", "references": [{"name": "41080", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41080"}, {"name": "4259", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4259"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4254", "datePublished": "2007-08-08T23:00:00", "dateReserved": "2007-08-08T00:00:00", "dateUpdated": "2024-08-07T14:46:39.448Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_database_tools_database_designer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A990AFA-608E-445C-9F26-B7B261760F41", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en un determinado control ActiveX de VDT70.DLL en Microsoft Visual Database Tools Database Designer 7.0 para Microsoft Visual Studio 6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento largo para el m\u00e9todo NotSafe. NOTA: esto podr\u00eda solaparse con CVE-2007-2885 o CVE-2005-2127."}], "id": "CVE-2007-4254", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-08T23:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/41080"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4259"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4259"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}