CVE-2007-2496

EXPLOITED

WordViewer.ocx 3.2.0.5 - Denial of Service via Long Property Value

Title source: llm

Exploitation Summary

CVE-2007-2496 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including shinnai.

AI-analyzed exploit summary This exploit demonstrates a Denial of Service (DoS) vulnerability in WordViewer.ocx v3.2.0.5 by passing excessively long strings or invalid arguments to multiple methods, causing the application to crash.

Description

The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmldoswindows

https://www.exploit-db.com/exploits/3836

View Code ZIP pw:eip

This exploit demonstrates a Denial of Service (DoS) vulnerability in WordViewer.ocx v3.2.0.5 by passing excessively long strings or invalid arguments to multiple methods, causing the application to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: WordViewer.ocx v3.2.0.5

No auth needed

Prerequisites: Internet Explorer with the vulnerable WordViewer.ocx control installed

MITRE ATT&CK