PT-2007-7326 · Microsoft+1 · Internet Explorer+1

Published: 2007-12-20 · Updated: 2018-10-15 · CVE-2007-6492

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

iMesh versions 7.1.0.x and earlier

Description

The issue allows remote attackers to cause a denial of service, resulting in an Internet Explorer 7 crash, by passing an empty string in the argument to the ProcessRequestEx method. This is related to the IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll.

Recommendations

For iMesh versions 7.1.0.x and earlier, consider disabling the ProcessRequestEx method as a temporary workaround until a patch is available. Restrict access to the IMWeb.IMWebControl.1 ActiveX control to minimize the risk of exploitation. Avoid using empty strings in the argument to the ProcessRequestEx method in the affected API endpoint until the issue is resolved.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2007-6492

Affected Products

Internet Explorer
Imesh