Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4890

CWE-22Path Traversal4 documents4 sources
Severity
5.8MEDIUM
EPSS
26.5%
top 3.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Visual Studio
Timeline
PublishedSep 14
Latest updateMay 1

Description

Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-9q4p-wv38-76g5: Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI2022-05-01
CVEList
CVE-2007-4890: Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI2007-09-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Visual Studio 6.0 - 'VBTOVSI.dll 1.0.0.0' File Overwrite2007-09-11
CVE-2007-4890 (MEDIUM CVSS 5.8) | Absolute directory traversal vulner | cvebase.io