CVE-2007-4145

BlueSkychat V2.V2Ctrl.1 <8.1.2.0 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4145. PoCs published by Code Audit Labs.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in BlueSkyChat ActiveX control by passing an overly long string to the 'ConnecttoServer' method, potentially leading to arbitrary code execution in the context of Internet Explorer.

Description

Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Code Audit Labs · htmlremotewindows

https://www.exploit-db.com/exploits/30441

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in BlueSkyChat ActiveX control by passing an overly long string to the 'ConnecttoServer' method, potentially leading to arbitrary code execution in the context of Internet Explorer.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: BlueSkyChat ActiveX control 8.1.2.0

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control installed

MITRE ATT&CK