Vulnerabilities > CVE-2007-0827 - Remote Code Execution vulnerability in Alipay Password Input ActiveX Control
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Alibaba Alipay (Remove ActiveX) Remote Code Execution Exploit. CVE-2007-0827. Remote exploit for windows platform |
file | exploits/windows/remote/3279.html |
id | EDB-ID:3279 |
last seen | 2016-01-31 |
modified | 2007-02-06 |
platform | windows |
port | |
published | 2007-02-06 |
reporter | cocoruder |
source | https://www.exploit-db.com/download/3279/ |
title | Alibaba Alipay Remove ActiveX Remote Code Execution Exploit |
type | remote |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052250.html
- http://osvdb.org/33123
- http://secunia.com/advisories/24063
- http://www.securityfocus.com/bid/22446
- http://www.vupen.com/english/advisories/2007/0520
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32367
- https://www.exploit-db.com/exploits/3279