Insecure Method Vulnerability in Microsoft Visual FoxPro 6.0 ActiveX Control
CVE-2007-5322

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Foxpro
Vendor: CVE Published:; 9 October 2007

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 34%

What is CVE-2007-5322?

The FPOLE.OCX ActiveX control in Microsoft Visual FoxPro 6.0 contains an insecure method vulnerability that allows remote attackers to execute arbitrary programs. This can be exploited by providing a specially crafted argument to the FoxDoCmd function, potentially leading to unauthorized command execution on affected systems. Proper security measures should be taken to mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-5322 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/37035

vdb-entryx_refsource_XF

http://shinnai.altervista.org/exploits/txt/TXT_14md9AHOoC...

x_refsource_MISC

https://www.exploit-db.com/exploits/4506

exploitx_refsource_EXPLOIT-DB

EPSS Score

34% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 9, 2007
👾
Exploit known to exist
Oct 9, 2007
Vulnerability published
Oct 9, 2007
Vulnerability Reserved
Oct 9, 2007

CVE-2007-5322 Data

JSON