Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4776

CWE-119: Buffer Overflow
6 documents, 4 sources
Severity
9.3 CRITICAL
EPSS
81.5%
top 0.82%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Sep 10
Latest update: May 1

Description

Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 1 package

🔴Vulnerability Details

2
GHSA
GHSA-9rc3-8rwr-fr36: Buffer overflow in Microsoft Visual Basic 6 (2022-05-01)
CVEList
CVE-2007-4776: Buffer overflow in Microsoft Visual Basic 6 (2007-09-10)

💥Exploits & PoCs

3
Exploit-DB
Microsoft Visual Basic - '.VBP' Local Buffer Overflow (Metasploit) (2010-09-25)
Exploit-DB
Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution (2007-09-19)
Exploit-DB
Microsoft Visual Basic 6.0 - VBP_Open OLE Local CodeExec (2007-09-04)