Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0356 — Microsoft IE vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

13.4%

top 5.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft IE

Timeline

PublishedJan 19

Latest updateMay 1

Description

The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/ie7.0

🔴Vulnerability Details

GHSA

GHSA-c356-hw8h-3hhp: The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6↗2022-05-01

▶

CVEList

CVE-2007-0356: The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6↗2007-01-19

▶

💥Exploits & PoCs

Exploit-DB

CCRP Folder Treeview Control (ccrpftv6.ocx) - IE Denial of Service↗2007-01-17

▶