CVE-2007-4891

medium Microsoft
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
51.7%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: September 14, 2007 (6817 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

CWE

CWE-78

Affected Products

microsoft visual studio

References

🔗 osvdb.org 🔗 secunia.com 🔗 shinnai.altervista.org 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com