CVE-2007-4891 - Vulnerability Details - OpenCVE

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Visual Studio

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:visual_studio:6.0:::::::*
	cpe:2.3:a:microsoft:visual_studio:6.0.0.9782:::::::*

No data.

References

Link	Providers
http://osvdb.org/37106
http://secunia.com/advisories/26779
http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html
http://www.securityfocus.com/bid/25638
https://exchange.xforce.ibmcloud.com/vulnerabilities/36572
https://www.exploit-db.com/exploits/4393

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-14T01:00:00

Updated: 2024-08-07T15:08:33.954Z

Reserved: 2007-09-13T00:00:00

Link: CVE-2007-4891

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-09-14T01:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4891

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "visualstudio-pdwizard-code-execution(36572)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"}, {"name": "4393", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4393"}, {"tags": ["x_refsource_MISC"], "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"}, {"name": "37106", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37106"}, {"name": "26779", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26779"}, {"name": "25638", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25638"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4891", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "visualstudio-pdwizard-code-execution(36572)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"}, {"name": "4393", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4393"}, {"name": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html", "refsource": "MISC", "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"}, {"name": "37106", "refsource": "OSVDB", "url": "http://osvdb.org/37106"}, {"name": "26779", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26779"}, {"name": "25638", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25638"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:08:33.954Z"}, "title": "CVE Program Container", "references": [{"name": "visualstudio-pdwizard-code-execution(36572)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"}, {"name": "4393", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4393"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"}, {"name": "37106", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37106"}, {"name": "26779", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26779"}, {"name": "25638", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25638"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4891", "datePublished": "2007-09-14T01:00:00", "dateReserved": "2007-09-13T00:00:00", "dateUpdated": "2024-08-07T15:08:33.954Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:6.0.0.9782:*:*:*:*:*:*:*", "matchCriteriaId": "C1DF3FDC-7E70-4385-9DAF-539FAAE77C5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell."}, {"lang": "es", "value": "Un determinado control ActiveX de PDWizard.ocx 6.0.0.9782 y versiones anteriores de Microsoft Visual Studio 6.0 expone m\u00e9todos peligrosos (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, y (6) CABRunFile, lo cual permite a atacantes remotos ejecutar programas de su elecci\u00f3n y tener otros impactos, como se demuestra utilizando nombre de ruta absoluta en argumentos a StartProcess y SyncShell."}], "id": "CVE-2007-4891", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-14T01:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37106"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26779"}, {"source": "cve@mitre.org", "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25638"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26779"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25638"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4393"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}