Unrated severityNVD Advisory· Published May 22, 2007· Updated Apr 23, 2026

CVE-2007-2814

Description

Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.

Affected products

David Harris/Imagn Activex Control
cpe:2.3:a:pegasus:imagn_activex_control:4.00.041:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/24086nvdExploit
secunia.com/advisories/25351nvdVendor Advisory
osvdb.org/36518nvd
retrogod.altervista.org/IE_pegasus_imagn_bof.htmlnvd
www.vupen.com/english/advisories/2007/1899nvd
exchange.xforce.ibmcloud.com/vulnerabilities/34419nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000