CVE-2007-3111

Microsoft Internet Explorer - Buffer Overflow

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3111. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a remote SEH overwrite vulnerability in Provideo Camimage class (ISSCamControl.dll 1.0.1.5) via Internet Explorer 6. It uses a crafted URL to trigger the vulnerability and execute shellcode that adds a user 'su' with password 'tzu'.

Description

Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · htmlremotewindows

https://www.exploit-db.com/exploits/4023

View Code ZIP pw:eip

This exploit targets a remote SEH overwrite vulnerability in Provideo Camimage class (ISSCamControl.dll 1.0.1.5) via Internet Explorer 6. It uses a crafted URL to trigger the vulnerability and execute shellcode that adds a user 'su' with password 'tzu'.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Provideo Camimage class (ISSCamControl.dll 1.0.1.5) on Internet Explorer 6

No auth needed

Prerequisites: Internet Explorer 6 · Provideo Camimage class (ISSCamControl.dll 1.0.1.5) installed · Target system running Windows 2000 SP4

MITRE ATT&CK