CVE-2007-2856
RCETitle: Microsoft Internet Explorer RCE
RCE
Proof Of Concept
PoC Available for CVE-2007-2856
CWE Category
CWE-119
Published Date
May 24, 2007
Modified Date
Apr 09, 2025
Exploit Status
Available
Score
9.3
CVSS v2.0
Exploit Probability (EPSS)
18.17%
Vulnerability Summary
CVE-2007-2856: Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855.
Impacted Vendors
Reference Links
http://osvdb.org/38111
http://retrogod.altervista.org/ie_DartZip_bof.html
http://www.securityfocus.com/archive/1/469503/100/0/threaded
http://www.securityfocus.com/archive/1/469592/100/0/threaded
http://www.securityfocus.com/bid/24142
http://www.securityfocus.com/bid/24163
https://exchange.xforce.ibmcloud.com/vulnerabilities/34494
https://exchange.xforce.ibmcloud.com/vulnerabilities/34520
http://osvdb.org/38111
http://retrogod.altervista.org/ie_DartZip_bof.html
http://www.securityfocus.com/archive/1/469503/100/0/threaded
http://www.securityfocus.com/archive/1/469592/100/0/threaded
http://www.securityfocus.com/bid/24142
http://www.securityfocus.com/bid/24163
https://exchange.xforce.ibmcloud.com/vulnerabilities/34494
https://exchange.xforce.ibmcloud.com/vulnerabilities/34520
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
9.3
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:M/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2007-2856 Exploits & PoCs (Proof Of Concept)
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.