CVE-2007-4790 - OpenCVE

Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Internet Explorer Visual Foxpro

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:6:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
	cpe:2.3:a:microsoft:visual_foxpro:6.0:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=120361015026386&w=2
http://www.securityfocus.com/bid/25571
http://www.securitytracker.com/id?1019378
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
http://www.vupen.com/english/advisories/2008/0512/references
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010
https://exchange.xforce.ibmcloud.com/vulnerabilities/36496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5481
https://www.exploit-db.com/exploits/4369

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-10T21:00:00

Updated: 2024-08-07T15:08:33.685Z

Reserved: 2007-09-10T00:00:00

Link: CVE-2007-4790

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-09-10T21:17:00.000

Modified: 2021-07-23T15:04:56.060

Link: CVE-2007-4790

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-06T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1019378", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019378"}, {"name": "HPSBST02314", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"}, {"name": "4369", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4369"}, {"name": "SSRT080016", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"}, {"name": "foxpro-fpole-activex-bo(36496)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36496"}, {"name": "TA08-043C", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"}, {"name": "oval:org.mitre.oval:def:5481", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5481"}, {"name": "ADV-2008-0512", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0512/references"}, {"name": "25571", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25571"}, {"name": "MS08-010", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1019378", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019378"}, {"name": "HPSBST02314", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"}, {"name": "4369", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4369"}, {"name": "SSRT080016", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"}, {"name": "foxpro-fpole-activex-bo(36496)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36496"}, {"name": "TA08-043C", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"}, {"name": "oval:org.mitre.oval:def:5481", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5481"}, {"name": "ADV-2008-0512", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0512/references"}, {"name": "25571", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25571"}, {"name": "MS08-010", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:08:33.685Z"}, "title": "CVE Program Container", "references": [{"name": "1019378", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019378"}, {"name": "HPSBST02314", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"}, {"name": "4369", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4369"}, {"name": "SSRT080016", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"}, {"name": "foxpro-fpole-activex-bo(36496)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36496"}, {"name": "TA08-043C", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"}, {"name": "oval:org.mitre.oval:def:5481", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5481"}, {"name": "ADV-2008-0512", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0512/references"}, {"name": "25571", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25571"}, {"name": "MS08-010", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4790", "datePublished": "2007-09-10T21:00:00", "dateReserved": "2007-09-10T00:00:00", "dateUpdated": "2024-08-07T15:08:33.685Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp2:*:*:*:*:*:*", "matchCriteriaId": "59159262-BA89-46B9-B16F-0CC6A5502C58", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_foxpro:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8936D267-41DF-4310-A990-5883787728E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en ciertos controles ActiveX en las bibliotecas (1) FPOLE. OCX versi\u00f3n 6.0.8450.0 y (2) Foxtlib.ocx, tal y como son usados en Microsoft Visual FoxPro versi\u00f3n 6.0 fpole 1.0 Type Library; e Internet Explorer versiones 5.01, 6 SP1 y SP2, y 7; permiten a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un primer argumento largo en la funci\u00f3n FoxDoCmd."}], "id": "CVE-2007-4790", "lastModified": "2021-07-23T15:04:56.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-10T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25571"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019378"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0512/references"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36496"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5481"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4369"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}