CVE-2007-4891 Information

Description

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess (2) SyncShell (3) SaveAs (4) CABDefaultURL (5) CABFileName and (6) CABRunFile methods which allows remote attackers to execute arbitrary programs and have other impacts as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

Reference

http://osvdb.org/37106 http://secunia.com/advisories/26779 http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html http://www.securityfocus.com/bid/25638 https://exchange.xforce.ibmcloud.com/vulnerabilities/36572 https://www.exploit-db.com/exploits/4393