A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-09-14T01:00:00
Updated: 2024-08-07T15:08:33.954Z
Reserved: 2007-09-13T00:00:00
Link: CVE-2007-4891
Vulnrichment
No data.
NVD
Status : Modified
Published: 2007-09-14T01:17:00.000
Modified: 2024-11-21T00:36:39.090
Link: CVE-2007-4891
Redhat
No data.