CVE-2007-0356

Common Controls Replacement Project FolderTreeview ActiveX Control - Denial of Service via Long RootFolder Property

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0356. PoCs published by shinnai.

AI-analyzed exploit summary This exploit triggers a denial of service (DoS) in the CCRP Folder Treeview Control (ccrpftv6.ocx) by passing an excessively long string to the RootFolder property, causing Internet Explorer to crash.

Description

The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.

Exploits (1)

exploitdb WORKING POC VERIFIED
by shinnai · htmldoswindows
https://www.exploit-db.com/exploits/3142

This exploit triggers a denial of service (DoS) in the CCRP Folder Treeview Control (ccrpftv6.ocx) by passing an excessively long string to the RootFolder property, causing Internet Explorer to crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: CCRP Folder Treeview Control (ccrpftv6.ocx) in Internet Explorer 7 on Windows XP SP2
No auth needed
Prerequisites: Internet Explorer 7 with CCRP Folder Treeview Control installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22092
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3142
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31549

Scores

EPSS 0.1678
EPSS Percentile 96.6%

Details

Status published
Products (2)
common_controls_replacement_project/foldertreeview_activex_control
microsoft/ie 7.0
Published Jan 19, 2007
Tracked Since Feb 18, 2026