Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4254

5 documents4 sources
Severity
6.8MEDIUM
EPSS
32.4%
top 3.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Visual Database Tools Database DesignerMicrosoft Visual Studio
Timeline
PublishedAug 8
Latest updateMay 1

Description

Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-8hx5-8mhr-hxfm: Stack-based buffer overflow in a certain ActiveX control in VDT702022-05-01
CVEList
CVE-2007-4254: Stack-based buffer overflow in a certain ActiveX control in VDT702007-08-08

💥Exploits & PoCs

2
Exploit-DB
IBM AIX 5.3.0 - 'setlocale()' Local Privilege Escalation2007-11-07
Exploit-DB
Microsoft Visual 6 - 'VDT70.dll NotSafe' Remote Stack Overflow2007-08-06
CVE-2007-4254 (MEDIUM CVSS 6.8) | Stack-based buffer overflow in a ce | cvebase.io