CVE-2007-3071

eSellerate SDK 3.6.5.0 - Buffer Overflow via GetWebStoreURL ActiveX Control

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-3071. PoCs published by metacom, shinnai.

AI-analyzed exploit summary This exploit leverages a heap spray technique to trigger a buffer overflow in the eSellerateControl350.dll ActiveX component via the 'GetWebStoreURL' method, leading to arbitrary code execution (calc.exe). The payload is embedded in the HTML and executed when the user clicks the button.

Description

Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.

Exploits (2)

exploitdb WORKING POC VERIFIED

by metacom · htmlwebappswindows

https://www.exploit-db.com/exploits/37319

View Code ZIP pw:eip

This exploit leverages a heap spray technique to trigger a buffer overflow in the eSellerateControl350.dll ActiveX component via the 'GetWebStoreURL' method, leading to arbitrary code execution (calc.exe). The payload is embedded in the HTML and executed when the user clicks the button.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Tango DropBox ActiveX Control (eSellerateControl350.dll) version 3.6.5.0

No auth needed

Prerequisites: Victim must visit the malicious HTML page · ActiveX control must be installed and enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/30144

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the eSellerate SDK ActiveX control (CVE-2007-3071) by crafting a malicious input string with shellcode to achieve remote code execution. The PoC uses VBScript to trigger the overflow via the GetWebStoreURL method.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: eSellerate SDK 3.6.5.0

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be enabled in the browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/38803

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/35003

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/24300

Exploit x_refsource_misc

http://www.shinnai.altervista.org/exploits/esellerate.html

Scores

EPSS 0.0584

EPSS Percentile 92.2%

Details

Status published

Products (1)

digital_river/esellerate_sdk 3.6.5.0

Published Jun 06, 2007

Tracked Since Feb 18, 2026