Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2884

CWE-20Improper Input ValidationCWE-3995 documents4 sources
Severity
9.3CRITICAL
EPSS
63.4%
top 1.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Visual Basic
Timeline
PublishedMay 30
Latest updateMay 1

Description

Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4594-3h26-2mp7: Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption)2022-05-01
CVEList
CVE-2007-2884: Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption)2007-05-30

💥Exploits & PoCs

2
Exploit-DB
Microsoft Visual Basic 6.0 Project - Company Name Stack Overflow (PoC)2007-05-23
Exploit-DB
Microsoft Visual Basic 6.0 Project - Description Stack Overflow (PoC)2007-05-23
CVE-2007-2884 (CRITICAL CVSS 9.3) | Multiple stack-based buffer overflo | cvebase.io