CVE-2007-4891

Microsoft Visual Studio PDWizard.ocx - Remote Code Execution via ActiveX Control Methods

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4891. PoCs published by shinnai.

AI-analyzed exploit summary This exploit leverages the `StartProcess()` method in the PDWizard.ocx ActiveX control to execute arbitrary commands, demonstrated by launching calc.exe. The vulnerability allows remote command execution via a malicious webpage.

Description

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4393

View Code ZIP pw:eip

This exploit leverages the `StartProcess()` method in the PDWizard.ocx ActiveX control to execute arbitrary commands, demonstrated by launching calc.exe. The vulnerability allows remote command execution via a malicious webpage.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Visual Studio 6.0 PDWizard (PDWizard.ocx <= 6.0.0.9782)

No auth needed

Prerequisites: Victim must visit a malicious webpage · PDWizard.ocx must be installed and vulnerable

MITRE ATT&CK