CVE-2007-2216

The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/26419	Vendor Advisory
http://securitytracker.com/id?1018562
http://www.osvdb.org/36396
http://www.securityfocus.com/archive/1/476742/100/0/threaded
http://www.securityfocus.com/bid/25289	Patch
http://www.us-cert.gov/cas/techalerts/TA07-226A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/2869	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2109

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:7:::::::*

History

23 Jul 2021, 15:04

Type	Values Removed	Values Added
CPE	cpe:2.3:a:microsoft:ie:7:::::::* cpe:2.3:a:microsoft:ie:5.01:::::::* cpe:2.3:a:microsoft:ie:6:sp1::::::	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::* cpe:2.3:a:microsoft:internet_explorer:7:::::::* cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::

Information

Published : 2007-08-14 21:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-2216

Mitre link : CVE-2007-2216

CVE.ORG link : CVE-2007-2216

JSON object : View

Products Affected

microsoft

internet_explorer

CWE

CWE-16

Configuration

{"id": "CVE-2007-2216", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-14T21:17:00.000", "references": [{"url": "http://secunia.com/advisories/26419", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1018562", "source": "secure@microsoft.com"}, {"url": "http://www.osvdb.org/36396", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/476742/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/25289", "tags": ["Patch"], "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2869", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2109", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka \"ActiveX Object Vulnerability.\""}, {"lang": "es", "value": "El control ActiveX de la biblioteca tblinf32.dll (tambi\u00e9n conocida como vstlbinf.dll) para Internet Explorer versiones 5.01, 6 SP1 y 7 utiliza una implementaci\u00f3n IObjectsafety inapropiada, que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante peticiones a la propiedad HelpString, que involucra un argumento de archivo DLL elaborado para la funci\u00f3n TypeLibInfoFromFile, que sobrescribe la propiedad HelpStringDll para llamar a la funci\u00f3n DLLGetDocumentation en otro archivo DLL, tambi\u00e9n se conoce como \"ActiveX Object Vulnerability.\""}], "lastModified": "2021-07-23T15:04:56.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}