EDraw Office Viewer Component HttpDownloadFileToTempDir ActiveX Buffer Overflow Vulnerability
BID:25593
Info
| Bugtraq ID: | 25593 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4821 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 07 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | shinnai is credited with the discovery of this issue. |
| Vulnerable: | EDraw Office Viewer Component 5.2.218 .1; EDraw Office Viewer Component 5.2 |
| Not Vulnerable: | EDraw Office Viewer Component 5.3 |
Discussion
The EDraw Office Viewer Component ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to cause a denial-of-service condition and possibly to execute arbitrary code, but this has not been confirmed.
This issue affects EDraw Office Viewer Component 5.2; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following proof of concept is available:
Solution / Fix
Solution:
The vendor has released EDraw Office Viewer Component 5.3 to address this issue. Please see the references for more information.
EDraw Office Viewer Component 5.2
- EDraw OfficeViewerSetup.exe: http://www.ocxt.com/download/OfficeViewerSetup.exe
EDraw Office Viewer Component 5.2.218 .1
- EDraw OfficeViewerSetup.exe: http://www.ocxt.com/download/OfficeViewerSetup.exe
References
References:
- EDraw Office Viewer Component 5.3 Released (EDraw)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Office Viewer Component Homepage (EDraw)