Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2216Microsoft Internet Explorer vulnerability

CWE-164 documents4 sources
Severity
9.3CRITICALNVD
EPSS
76.6%
top 1.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedAug 14
Latest updateMay 1

Description

The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/internet_explorer5.01, 6, 7+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-p6x4-678w-q6rq: The tblinf322022-05-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5.0.1 - 'TBLinf32.dll' ActiveX Control Remote Code Execution2007-05-08

💬Community

1
Bugzilla
CVE-2007-3388 qt3 format string flaw2007-07-16
CVE-2007-2216 — Microsoft vulnerability | cvebase