CVE-2007-4790

Name of the Vulnerable Software and Affected Versions: Microsoft Visual FoxPro 6.0 Internet Explorer versions 5.01, 6 SP1 and SP2, and 7

Description: A remote code execution issue exists in a component of Microsoft Fox Pro, allowing attackers to execute arbitrary code via a specially crafted Web page. This could enable an attacker to gain the same user rights as the logged on user. The issue involves a stack-based buffer overflow in certain ActiveX controls, specifically when a long first argument is passed to the FoxDoCmd function.

Recommendations: For Microsoft Visual FoxPro 6.0, update to a version that includes the fix for this issue. For Internet Explorer versions 5.01, 6 SP1 and SP2, and 7, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the FoxDoCmd function until a patch is available.