Alipay PTA Module ActiveX Control Vulnerability Exposes Users to Remote Code Execution
CVE-2007-0827

Currently unrated

Key Information:

Vendor: Alibaba
Status: Alipay Activex Control
Vendor: CVE Published:; 7 February 2007

What is CVE-2007-0827?

The ActiveX control PTA.DLL within Alibaba Alipay enables remote attackers to exploit a vulnerability by invoking a JavaScript function with an invalid index argument. This misconfiguration allows the execution of arbitrary code, leading to potential unauthorized control over affected systems. It highlights the need for organizations to implement stringent security measures when using ActiveX controls, particularly in web applications.

References

http://www.vupen.com/english/advisories/2007/0520

vdb-entryx_refsource_VUPEN

http://lists.grok.org.uk/pipermail/full-disclosure/2007-F...

mailing-listx_refsource_FULLDISC

http://secunia.com/advisories/24063

third-party-advisoryx_refsource_SECUNIA

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2007
Vulnerability Reserved
Feb 7, 2007