The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."
References
Configurations
Configuration 1 (hide)
|
History
23 Jul 2021, 15:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:* cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:* |
cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:* |
Information
Published : 2007-08-14 21:17
Updated : 2024-02-04 17:13
NVD link : CVE-2007-2216
Mitre link : CVE-2007-2216
CVE.ORG link : CVE-2007-2216
JSON object : View
Products Affected
microsoft
- internet_explorer
CWE
CWE-16
Configuration