CVE-2007-4748

EXPLOITED

PPStream 2.0.1.3829 - Buffer Overflow via Logo Parameter

Title source: llm

Exploitation Summary

CVE-2007-4748 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including dummy.

AI-analyzed exploit summary: This exploit generates an HTML file targeting CVE-2007-4748, a buffer overflow in the PPS ActiveX control. It embeds shellcode and a heap spray technique to achieve remote code execution when the victim opens the crafted HTML file.

Description

Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by dummy · c · remote · windows
https://www.exploit-db.com/exploits/4348

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PPS ActiveX Control (clsid:5EC7C511-CD0F-42E6-830C-1BD9882F3458)
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable browser with the PPS ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36394
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38421
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25502
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4348

Scores

EPSS 0.0631
EPSS Percentile 91.2%

Details

VulnCheck KEV 2011-09-01
CWE CWE-119
Status published
Products (1)
ppstream/ppstream 2.0.1.3829
Published Sep 06, 2007
Tracked Since Feb 18, 2026