CVE-2007-2221
published 2007-05-08


Priority: P355, critical
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 37.37% (98.3th percentile)
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."

Affected

4 ranges

Vendor | Product | Version range | Fixed in
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |

Detection & IOCs (extracted from sources)

filename: mdsauth.dll
path: c:\boot.ini
url: http://www.514.es
  • Monitor COM object instantiation of mdsauth.dll (NMSA Session Description Object) from browser processes, particularly Internet Explorer, for invocation of the SaveAs method targeting sensitive system files.
  • Alert on any web content (HTML/script) that sets SessionDescription, SessionAuthor, SessionEmailContact, or SessionURL properties on the mdsauth.dll COM object and then calls SaveAs to write to arbitrary file paths.
  • The exploit payload is encoded as UTF-16; inspect script content delivered in UTF-16 encoding that references mdsauth.dll COM object methods.
  • The vulnerability is described as 'unspecified' with no further technical detail on the exact trigger vectors beyond the SaveAs method abuse demonstrated in the PoC.
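
One way to apply the detection notes above to captured web content, as an added example that is not from the CVE record or any vendor tooling: it decodes UTF-16 bodies and flags script that sets one of the listed properties and then calls SaveAs. The sample HTML, the placeholder classid and path, and the function names are constructed for illustration; the page gives no CLSID, so the scan keys on property and method names only.

```python
import codecs
import re

# Property and method names come from the detection notes above.
PROPS = ("SessionDescription", "SessionAuthor", "SessionEmailContact", "SessionURL")
CANON = {p.lower(): p for p in PROPS}
PROP_SET = re.compile(r"\.\s*(%s)\s*=(?!=)" % "|".join(PROPS), re.I)
# SaveAs call; the quoted path is captured when it is a string literal.
SAVEAS = re.compile(r"\.\s*SaveAs\s*\(\s*(?:([\"'])(.*?)\1)?", re.I | re.S)

# Constructed sample: placeholder classid and path, not taken from any PoC.
SAMPLE_HTML = (
    '<object id="sd" classid="clsid:PLACEHOLDER"></object>\n'
    "<script>\n"
    'sd.SessionDescription = "constructed sample text";\n'
    'sd.SaveAs("C:/placeholder/out.txt");\n'
    "</script>\n"
)
SAMPLE_UTF16 = codecs.BOM_UTF16_LE + SAMPLE_HTML.encode("utf-16-le")
BENIGN = b"<script>doc.SaveAs('report.txt');</script>"  # constructed


def decode_body(raw: bytes):
    """Return (text, encoding), recognising UTF-16 with or without a BOM."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16", errors="replace"), "utf-16"
    # BOM-less UTF-16 of mostly-ASCII script has a NUL in every other byte.
    if raw[1::2].count(0) > len(raw) // 4:
        return raw.decode("utf-16-le", errors="replace"), "utf-16-le"
    if raw[0::2].count(0) > len(raw) // 4:
        return raw.decode("utf-16-be", errors="replace"), "utf-16-be"
    return raw.decode("utf-8", errors="replace"), "utf-8"


def scan(raw: bytes) -> dict:
    """Flag content that sets a Session* property and later calls SaveAs."""
    text, enc = decode_body(raw)
    sets = list(PROP_SET.finditer(text))
    calls = list(SAVEAS.finditer(text))
    return {
        "encoding": enc,
        "properties_set": sorted({CANON[m.group(1).lower()] for m in sets}),
        "saveas_targets": [m.group(2) or "<non-literal>" for m in calls],
        "alert": bool(sets) and any(c.start() > sets[0].start() for c in calls),
    }


if __name__ == "__main__":
    for name, body in (("utf16 sample", SAMPLE_UTF16), ("benign", BENIGN)):
        print(name, scan(body))
```

A hit here is a triage signal on names alone; confirming that the scripted object is the mdsauth.dll control still requires resolving the page's classid on an affected host.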