Unrated severityNVD Advisory· Published Sep 14, 2007· Updated Apr 23, 2026

CVE-2007-4891

Description

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

Affected products

Microsoft/Visual Studio2 versions
cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio:6.0.0.9782:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/25638nvdExploit
osvdb.org/37106nvd
secunia.com/advisories/26779nvd
shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/36572nvd
www.exploit-db.com/exploits/4393nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.042
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000