CVE-2007-4790

2007-09-1021:17:00

CWE-119

mitre

web.nvd.nist.gov

cve-2007-4790

microsoft visual foxpro

internet explorer

buffer overflow

activex

remote code execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.965

Percentile

99.6%

JSON

Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch5.01

microsoftinternet_explorerMatch6sp1

microsoftinternet_explorerMatch6sp2

microsoftinternet_explorerMatch7

microsoftvisual_foxproMatch6.0

VendorProductVersionCPE
microsoftinternet_explorer5.01cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:sp2:*:*:*:*:*:*
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoftvisual_foxpro6.0cpe:2.3:a:microsoft:visual_foxpro:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	5.01	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:sp2::::::
microsoft	internet_explorer	7	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
microsoft	visual_foxpro	6.0	cpe:2.3:a:microsoft:visual_foxpro:6.0:::::::*