Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6530 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Xupload

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
9.3CRITICALNVD
EPSS
65.8%
top 1.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Persits Xupload
Timeline
PublishedDec 27
Latest updateMay 1

Description

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

â–¶NVDpersits/xupload2.1.0.1

🔴Vulnerability Details

2
GHSA
GHSA-jh8v-3fp9-w3r3: Buffer overflow in the XUpload↗2022-05-01
â–¶
CVEList
CVE-2007-6530: Buffer overflow in the XUpload↗2007-12-27
â–¶

💥Exploits & PoCs

2
Exploit-DB
HP LoadRunner 9.0 - ActiveX AddFolder Buffer Overflow (Metasploit)↗2010-05-09
â–¶
Exploit-DB
Persits Software XUpload Control - 'AddFolder()' Remote Buffer Overflow↗2007-12-28
â–¶
CVE-2007-6530 — Persits Xupload vulnerability | cvebase