CVE-2007-2919

E-Book Systems FlipViewer < 4.1 - Buffer Overflow

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-2919. The PoCs were published by Metasploit and include the Metasploit module exploits/windows/browser/ebook_flipviewer_fviewerloading.

AI-analyzed exploit summary: This is a Metasploit module exploiting a stack buffer overflow in E-BOOK Systems FlipViewer 4.0 via the FViewerLoading ActiveX control's LoadOpf() method. It delivers a payload through a malicious HTML page, achieving remote code execution.

Description

Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16601

This is a Metasploit module exploiting a stack buffer overflow in E-BOOK Systems FlipViewer 4.0 via the FViewerLoading ActiveX control's LoadOpf() method. It delivers a payload through a malicious HTML page, achieving remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: E-BOOK Systems FlipViewer 4.0
No auth needed
Prerequisites: Target must have FlipViewer 4.0 installed · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb

This Metasploit module exploits a stack buffer overflow in E-BOOK Systems FlipViewer 4.0 via the FViewerLoading ActiveX control's LoadOpf() method. It delivers a payload through a malicious HTML page, leveraging JavaScript to trigger the vulnerability and execute arbitrary code.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: E-BOOK Systems FlipViewer 4.0
No auth needed
Prerequisites: Target must have FlipViewer 4.0 installed · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25568
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24328
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2081
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34742
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37042
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/449089

Scores

EPSS 0.3372
EPSS Percentile 98.2%

Details

Status published
Products (1)
e-book_systems/flipviewer < 4.0
Published Jun 06, 2007
Tracked Since Feb 18, 2026