Stack-based Buffer Overflow in ActiveX Controls in Microsoft Visual FoxPro Products
CVE-2007-4790

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Visual Foxpro
Vendor: CVE Published:; 10 September 2007

Summary

A stack-based buffer overflow occurs in certain ActiveX controls utilized by Microsoft Visual FoxPro 6.0, specifically FPOLE.OCX and Foxtlib.ocx. This vulnerability can be exploited through Internet Explorer versions 5.01, 6 SP1, 6 SP2, and 7, allowing remote attackers to execute arbitrary code by sending a malicious long first argument to the FoxDoCmd function. This flaw highlights the risks associated with outdated ActiveX controls and the necessity for users to keep their software updated.

References

http://www.securitytracker.com/id?1019378

vdb-entryx_refsource_SECTRACK

http://marc.info/?l=bugtraq&m=120361015026386&w=2

vendor-advisoryx_refsource_HP

https://www.exploit-db.com/exploits/4369

exploitx_refsource_EXPLOIT-DB

EPSS Score

73% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 10, 2007
Vulnerability Reserved
Sep 10, 2007