Exploitation Summary
EIP tracks 2 public exploits for CVE-2007-2884. PoCs published by UmZ.
AI-analyzed exploit summary This exploit generates a malformed Visual Basic 6 project file with an overly long 'Description' field (1037690 characters) to trigger a stack overflow in the VB6 IDE. The PoC demonstrates a DoS and potential privilege escalation via SEH-based exploitation.
Description
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
Exploits (2)
This exploit generates a malformed Visual Basic 6 project file with an overly long 'Description' field (1037690 characters) to trigger a stack overflow in the VB6 IDE. The PoC demonstrates a DoS and potential privilege escalation via SEH-based exploitation.
This Perl script generates a malformed Visual Basic 6 project file that exploits a stack overflow vulnerability in the 'Company Name' field, leading to a DoS condition with 100% CPU usage. The exploit crafts a .vbp file with an excessively long 'VersionCompanyName' field to trigger the vulnerability.