CVE-2007-2216 - OpenCVE

The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Internet Explorer

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:7:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/26419
http://securitytracker.com/id?1018562
http://www.osvdb.org/36396
http://www.securityfocus.com/archive/1/476742/100/0/threaded
http://www.securityfocus.com/bid/25289
http://www.us-cert.gov/cas/techalerts/TA07-226A.html
http://www.vupen.com/english/advisories/2007/2869
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2109

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2007-08-14T21:00:00

Updated: 2024-08-07T13:23:51.186Z

Reserved: 2007-04-24T00:00:00

Link: CVE-2007-2216

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-14T21:17:00.000

Modified: 2021-07-23T15:04:56.060

Link: CVE-2007-2216

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-14T00:00:00", "descriptions": [{"lang": "en", "value": "The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka \"ActiveX Object Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "36396", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/36396"}, {"name": "MS07-045", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"}, {"name": "TA07-226A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"}, {"name": "oval:org.mitre.oval:def:2109", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2109"}, {"name": "ADV-2007-2869", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2869"}, {"name": "26419", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26419"}, {"name": "25289", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25289"}, {"name": "1018562", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018562"}, {"name": "20070815 TlbInf32 ActiveX Command Execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/476742/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-2216", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka \"ActiveX Object Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36396", "refsource": "OSVDB", "url": "http://www.osvdb.org/36396"}, {"name": "MS07-045", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"}, {"name": "TA07-226A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"}, {"name": "oval:org.mitre.oval:def:2109", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2109"}, {"name": "ADV-2007-2869", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2869"}, {"name": "26419", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26419"}, {"name": "25289", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25289"}, {"name": "1018562", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018562"}, {"name": "20070815 TlbInf32 ActiveX Command Execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/476742/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:51.186Z"}, "title": "CVE Program Container", "references": [{"name": "36396", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/36396"}, {"name": "MS07-045", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"}, {"name": "TA07-226A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"}, {"name": "oval:org.mitre.oval:def:2109", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2109"}, {"name": "ADV-2007-2869", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2869"}, {"name": "26419", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26419"}, {"name": "25289", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25289"}, {"name": "1018562", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018562"}, {"name": "20070815 TlbInf32 ActiveX Command Execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/476742/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-2216", "datePublished": "2007-08-14T21:00:00", "dateReserved": "2007-04-24T00:00:00", "dateUpdated": "2024-08-07T13:23:51.186Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka \"ActiveX Object Vulnerability.\""}, {"lang": "es", "value": "El control ActiveX de la biblioteca tblinf32.dll (tambi\u00e9n conocida como vstlbinf.dll) para Internet Explorer versiones 5.01, 6 SP1 y 7 utiliza una implementaci\u00f3n IObjectsafety inapropiada, que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante peticiones a la propiedad HelpString, que involucra un argumento de archivo DLL elaborado para la funci\u00f3n TypeLibInfoFromFile, que sobrescribe la propiedad HelpStringDll para llamar a la funci\u00f3n DLLGetDocumentation en otro archivo DLL, tambi\u00e9n se conoce como \"ActiveX Object Vulnerability.\""}], "id": "CVE-2007-2216", "lastModified": "2021-07-23T15:04:56.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-14T21:17:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26419"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1018562"}, {"source": "secure@microsoft.com", "url": "http://www.osvdb.org/36396"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/476742/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25289"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2869"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2109"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}