CVE-2007-4891
Microsoft Visual Studio - OS Command Injection
Title source: ruleDescription
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
Exploits (1)
exploitdb · WORKING POC · VERIFIED · by shinnai · htmlremotewindows
https://www.exploit-db.com/exploits/4393
References (6)
Scores
EPSS: 0.5167
EPSS Percentile: 97.9%
Details
CWE: CWE-78
Status: published
Products (2)
microsoft/visual_studio 6.0
microsoft/visual_studio 6.0.0.9782
Published: Sep 14, 2007
Tracked Since: Feb 18, 2026