CVE-2007-2495

Name of the Vulnerable Software and Affected Versions ExcelViewer.ocx version 3.1.0.6

Description The issue is related to multiple stack-based buffer overflows in the ExcelOCX ActiveX control. This can be exploited by remote attackers to cause a denial of service, specifically crashing Internet Explorer 7, by providing long property values for certain methods, including DoOleCommand, FTPDownloadFile, FTPUploadFile, HttpUploadFile, Save, SaveWebFile, HttpDownloadFile, Open, or OpenWebFile.

Recommendations For ExcelViewer.ocx version 3.1.0.6, consider disabling the ActiveX control until a patch is available to prevent potential crashes of Internet Explorer 7. Restrict access to the ExcelOCX ActiveX control to minimize the risk of exploitation. Avoid using long property values for the affected methods until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.