CVE-2007-2903

Microsoft Office ActiveX <1.0.1.9 - Buffer Overflow

Title source: llm

Description

Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmldoswindows

https://www.exploit-db.com/exploits/3973

View Code ZIP pw:eip

References (7)

[Various Sources] http://shinnai.altervista.org/viewtopic.php?id=42&t_id=26

[Exploit] http://moaxb.blogspot.com/2007/05/moaxb-23-microsoft-office-2000.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34473

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018107

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24118

[Third Party Advisory, VDB Entry] http://osvdb.org/36034

[Exploit] http://www.shinnai.altervista.org/moaxb/20070523/ouactrltxt.html

Scores

EPSS 0.4248

EPSS Percentile 97.5%

Details

Status published

Products (1)

microsoft/office 2000

Published May 30, 2007

Tracked Since Feb 18, 2026