CVE-2007-2216

Internet Explorer 5.01-7 - RCE

Title source: llm

Description

The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectSafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Brett Moore · text · remote · windows
https://www.exploit-db.com/exploits/30490

Scores

EPSS 0.7663
EPSS Percentile 99.0%

Details

CWE CWE-16
Status published
Products (3)
microsoft/internet_explorer 5.01
microsoft/internet_explorer 6 sp1
microsoft/internet_explorer 7
Published Aug 14, 2007
Tracked Since Feb 18, 2026