CVE-2007-5322 - Vulnerability Details - OpenCVE

Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Visual Foxpro

Configuration 1 [-]

cpe:2.3:a:microsoft:visual_foxpro:6.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/38487
http://secunia.com/advisories/27165
http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoCycrnk9l095.html
http://www.securityfocus.com/bid/25977
https://exchange.xforce.ibmcloud.com/vulnerabilities/37035
https://www.exploit-db.com/exploits/4506

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-09T22:00:00

Updated: 2024-08-07T15:24:42.492Z

Reserved: 2007-10-09T00:00:00

Link: CVE-2007-5322

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-09T22:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5322

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "foxpro-fpole-command-execution(37035)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37035"}, {"tags": ["x_refsource_MISC"], "url": "http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoCycrnk9l095.html"}, {"name": "4506", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4506"}, {"name": "38487", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38487"}, {"name": "27165", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27165"}, {"name": "25977", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25977"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5322", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "foxpro-fpole-command-execution(37035)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37035"}, {"name": "http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoCycrnk9l095.html", "refsource": "MISC", "url": "http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoCycrnk9l095.html"}, {"name": "4506", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4506"}, {"name": "38487", "refsource": "OSVDB", "url": "http://osvdb.org/38487"}, {"name": "27165", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27165"}, {"name": "25977", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25977"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:24:42.492Z"}, "title": "CVE Program Container", "references": [{"name": "foxpro-fpole-command-execution(37035)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37035"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoCycrnk9l095.html"}, {"name": "4506", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4506"}, {"name": "38487", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38487"}, {"name": "27165", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27165"}, {"name": "25977", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25977"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5322", "datePublished": "2007-10-09T22:00:00", "dateReserved": "2007-10-09T00:00:00", "dateUpdated": "2024-08-07T15:24:42.492Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_foxpro:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8936D267-41DF-4310-A990-5883787728E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function."}, {"lang": "es", "value": "El control ActiveX FPOLE.OCX 6.0.8450.0 en Microsoft Visual FoxPro 6.0 permite a atacantes remotos ejecutar programas de su elecci\u00f3n especific\u00e1ndolos como un argumento para la funci\u00f3n FoxDoCmd."}], "id": "CVE-2007-5322", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-09T22:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/38487"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27165"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoCycrnk9l095.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25977"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37035"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4506"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoCycrnk9l095.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25977"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37035"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4506"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}