VYPR
Unrated severityNVD Advisory· Published Sep 14, 2007· Updated Jun 16, 2026

CVE-2007-4891

CVE-2007-4891

Description

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visual_studio:6.0.0.9782:*:*:*:*:*:*:*
    • (no CPE)range: <=6.0.0.9782
  • Range: <=6.0.0.9782

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.