PT-2007-4160 · Microsoft+1 · Internet Explorer+1
Published
2007-05-24
·
Updated
2018-10-16
·
CVE-2007-2856
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dart Communications PowerTCP ZIP Compression ActiveX control version 1.8.5.3
Internet Explorer version 6
Description
The issue is related to a buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control. This occurs when a long first argument is passed to the
QuickZip function, allowing remote attackers to execute arbitrary code. The attack requires user assistance and is related to an issue in Internet Explorer 6.Recommendations
For Dart Communications PowerTCP ZIP Compression ActiveX control version 1.8.5.3, consider disabling the
QuickZip function until a patch is available.
For Internet Explorer version 6, restrict the use of the Dart Communications PowerTCP ZIP Compression ActiveX control to minimize the risk of exploitation.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dart Communications Powertcp Zip Compression Activex Control
Internet Explorer