CVE-2007-2623

Remote Display Dev kit 1.2.1.0 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2623. PoCs published by shinnai.

AI-analyzed exploit summary This exploit targets a denial of service vulnerability in RControl.dll v1.2.1.0 by triggering a heap overflow via overly long strings passed to the 'connect' or 'InternalServer' methods of an ActiveX object. The PoC uses VBScript to deliver the payload through Internet Explorer.

Description

Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmldoswindows

https://www.exploit-db.com/exploits/3891

View Code ZIP pw:eip

This exploit targets a denial of service vulnerability in RControl.dll v1.2.1.0 by triggering a heap overflow via overly long strings passed to the 'connect' or 'InternalServer' methods of an ActiveX object. The PoC uses VBScript to deliver the payload through Internet Explorer.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: RControl.dll v1.2.1.0

No auth needed

Prerequisites: Internet Explorer with ActiveX enabled · RControl.dll v1.2.1.0 installed

MITRE ATT&CK