Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4790

CWE-119Buffer Overflow5 documents5 sources
Severity
7.5HIGH
EPSS
73.7%
top 1.19%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Internet ExplorerMicrosoft Visual Foxpro
Timeline
PublishedSep 10
Latest updateMay 1

Description

Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/internet_explorer5.01, 6, 7+2

🔴Vulnerability Details

2
GHSA
GHSA-83q2-rwjj-54qx: Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE2022-05-01
CVEList
CVE-2007-4790: Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE2007-09-10

💥Exploits & PoCs

1
Exploit-DB
Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)2007-09-06

📋Vendor Advisories

1
Red Hat
tomboy and blam uses insecure LD_LIBRARY_PATH
CVE-2007-4790 (HIGH CVSS 7.5) | Stack-based buffer overflow in cert | cvebase.io