CVE-2007-6493

imesh < 7.1.0.37263 - Remote Code Execution via SetHandler Method

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-6493. PoCs published by rgod.

Description

The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by rgod · text · remote · windows
https://www.exploit-db.com/exploits/12244

This exploit targets a heap overflow vulnerability in iMesh <= 7.1.0.x via the IMWebControl ActiveX component. It uses heap spraying and a crafted value to hijack the ECX register, leading to arbitrary code execution.

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: iMesh <= 7.1.0.x (IMWeb.dll 7.0.0.x)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer · iMesh client must be installed
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by rgod · html · remote · windows
https://www.exploit-db.com/exploits/30897

This exploit targets a memory corruption vulnerability in iMesh's ActiveX control (CLSID: 7C3B01BC-53A5-48A0-A43B-0C67731134B9) by triggering a heap spray with shellcode to achieve remote code execution. The exploit uses JavaScript and VBScript to manipulate the control's methods (`SetHandler` and `ProcessRequestEx`) to execute arbitrary code.

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: iMesh 7.1.0.37263 and prior
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control enabled
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4240
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485261/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28134
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40239

Scores

EPSS 0.0676
EPSS Percentile 93.1%

Details

CWE: CWE-20
Status published
Products (1)
imesh.com/imesh < 7.1.0.37263
Published Dec 20, 2007
Tracked Since Feb 18, 2026