Security Advisory

CVE-2007-4891

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-09-14 01:00:00

Last updated 2024-08-07 15:08:33

Assigner mitre

State PUBLISHED

Description

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

← Browse all CVEs View on cve.org ↗