CVE-2007-2216

Internet Explorer 5.01, 6 SP1, and 7 - Remote Code Execution via tblinf32.dll ActiveX Control


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2216. PoCs published by Brett Moore.

AI-analyzed exploit summary: This exploit leverages a vulnerability in the Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control to execute arbitrary code by enticing a victim to open a maliciously crafted HTML document. The PoC demonstrates how to call a remote DLL's GetDocumentation function via the TypeLibInfoFromFile method.

Description

The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectSafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."

Exploits (1)

exploitdb · Working PoC · Verified
by Brett Moore · text · remote · windows
https://www.exploit-db.com/exploits/30490

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control
No auth needed
Prerequisites: Victim must open a maliciously crafted HTML document · Access to a remote share hosting a malicious DLL
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/36396
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-226A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2109
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2869
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26419
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25289
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018562
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/476742/100/0/threaded

Scores

EPSS 0.4139
EPSS Percentile 98.5%

Details

CWE: CWE-16
Status: published
Products (3)
microsoft/internet_explorer 5.01
microsoft/internet_explorer 6 sp1
microsoft/internet_explorer 7
Published: Aug 14, 2007
Tracked Since: Feb 18, 2026