Stack-based Buffer Overflow in Microsoft Visual Basic 6
CVE-2007-2884

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Basic
Vendor: CVE Published:; 30 May 2007

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 63%

What is CVE-2007-2884?

Microsoft Visual Basic 6 is susceptible to multiple stack-based buffer overflows that allow user-assisted remote attackers to execute arbitrary code or cause a denial of service through specially crafted Visual Basic Project (vbp) files. These files, containing overly long entries in the Description or Company Name fields, could lead to significant CPU consumption or unwanted operations, severely affecting system integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-2884 - Proof of Concept

References

http://osvdb.org/41053

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/34475

vdb-entryx_refsource_XF

https://www.exploit-db.com/exploits/3977

exploitx_refsource_EXPLOIT-DB

EPSS Score

63% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 30, 2007
👾
Exploit known to exist
May 30, 2007
Vulnerability published
May 30, 2007
Vulnerability Reserved
May 29, 2007

CVE-2007-2884 Data

JSON