CVE-2007-5322

Microsoft Visual FoxPro 6.0 - Remote Code Execution via FPOLE.OCX FoxDoCmd Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5322. PoCs published by shinnai.

AI-analyzed exploit summary This exploit leverages the FoxDoCmd method in the FPOLE.OCX ActiveX control to execute arbitrary commands. It demonstrates command execution via a VBScript onclick event, launching cmd.exe to open notepad.exe.

Description

Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4506

View Code ZIP pw:eip

This exploit leverages the FoxDoCmd method in the FPOLE.OCX ActiveX control to execute arbitrary commands. It demonstrates command execution via a VBScript onclick event, launching cmd.exe to open notepad.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Visual FoxPro 6.0 FPOLE.OCX (Version 6.0.8450.0)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · FPOLE.OCX must be registered and vulnerable on the target system

devstral-2 · analyzed Feb 16, 2026 Full analysis →