CVE-2007-4891

CVE Database · CVE-2007-4891

CVE-2007-4891

· N/AModified

CVSS v3.1

N/A

EPSS

31.00%

Published

Sep 13, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Visual Studio 6.0 - 'PDWizard.ocx' Remote Command Execution TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

Weaknesses (CWE)

CWE-78

Affected Products (2)

microsoft · visual_studiovulnerable

References (12)

http://osvdb.org/37106

http://secunia.com/advisories/26779

http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html

http://www.securityfocus.com/bid/25638

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/36572

https://www.exploit-db.com/exploits/4393