CVE-2007-2987

EXPLOITED

Zenturi ProgramChecker - Remote Code Execution via DebugMsgLog or DoFileProperties Methods

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2007-2987 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Metasploit, shinnai, MC, including a Metasploit module exploits/windows/browser/zenturiprogramchecker_unsafe.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file download vulnerability in the Zenturi ProgramChecker ActiveX control (sasatl.dll 1.5.0.531) via CVE-2007-2987. It delivers a payload by hosting an HTML page that triggers the vulnerable ActiveX control to download and execute an arbitrary file.

Description

Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16540

This Metasploit module exploits an arbitrary file download vulnerability in the Zenturi ProgramChecker ActiveX control (sasatl.dll 1.5.0.531) via CVE-2007-2987. It delivers a payload by hosting an HTML page that triggers the vulnerable ActiveX control to download and execute an arbitrary file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Zenturi ProgramChecker ActiveX Control (sasatl.dll 1.5.0.531)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by shinnai · htmlremotewindows
https://www.exploit-db.com/exploits/4021

This is a working proof-of-concept exploit for a remote buffer overflow vulnerability in Zenturi ProgramChecker ActiveX (sasatl.dll). It leverages a crafted buffer to overwrite EIP and execute shellcode via a heap spray technique.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zenturi ProgramChecker ActiveX (sasatl.dll)
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
htmlremotewindows
https://www.exploit-db.com/exploits/4214

This exploit leverages a heap spray technique to trigger a buffer overflow in the Zenturi NixonMyPrograms Class (sasatl.dll v. 1.5.0.531) via the Scan() method, executing calc.exe as a payload. The exploit is delivered through a malicious HTML page targeting Internet Explorer.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zenturi NixonMyPrograms Class (sasatl.dll v. 1.5.0.531)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer · Target system must have the vulnerable sasatl.dll component installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb

This Metasploit module exploits an arbitrary file download vulnerability in the Zenturi ProgramChecker ActiveX control (sasatl.dll 1.5.0.531) to place a malicious executable on the target system. It uses a crafted HTML page with JavaScript to trigger the DownloadFile method, delivering a payload EXE to a specified path.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Zenturi ProgramChecker sasatl.dll (1.5.0.531)
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed · Target must visit the attacker-controlled web page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24217
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36715
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24274
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1977
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/603529
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25473

Scores

EPSS 0.7365
EPSS Percentile 98.8%

Details

VulnCheck KEV 2010-05-01
CWE
CWE-119
Status published
Products (1)
zenturi/zenturi_programchecker
Published Jun 01, 2007
Tracked Since Feb 18, 2026