CVE-2007-2814

Pegasus ImagN' ActiveX control 4.00.041 - Buffer Overflow

Title source: llm

Description

Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpremotewindows

https://www.exploit-db.com/exploits/3966

View Code ZIP pw:eip

References (6)

[Various Sources] http://retrogod.altervista.org/IE_pegasus_imagn_bof.html

[Vendor Advisory] http://secunia.com/advisories/25351

[Exploit] http://www.securityfocus.com/bid/24086

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34419

[Third Party Advisory, VDB Entry] http://osvdb.org/36518

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1899

Scores

EPSS 0.0843

EPSS Percentile 92.4%

Details

Status published

Products (1)

pegasus/imagn_activex_control 4.00.041

Published May 22, 2007

Tracked Since Feb 18, 2026