Vulnerabilities > CVE-2007-0827 - Remote Code Execution vulnerability in Alipay Password Input ActiveX Control

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
alibaba
exploit available

Summary

The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.

Vulnerable Configurations

Part Description Count
Application
Alibaba
1

Exploit-Db

descriptionAlibaba Alipay (Remove ActiveX) Remote Code Execution Exploit. CVE-2007-0827. Remote exploit for windows platform
fileexploits/windows/remote/3279.html
idEDB-ID:3279
last seen2016-01-31
modified2007-02-06
platformwindows
port
published2007-02-06
reportercocoruder
sourcehttps://www.exploit-db.com/download/3279/
titleAlibaba Alipay Remove ActiveX Remote Code Execution Exploit
typeremote