Edraw Diagram Component ActiveX Control 'LicenseName()' Method Buffer Overflow Vulnerability
BID:51866
Info
| Bugtraq ID: | 51866 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 06 2012 12:00AM |
| Updated: | Feb 06 2012 12:00AM |
| Credit: | Senator of Pirates |
| Vulnerable: | EDrawSoft Edraw Diagram Component 5 |
| Not Vulnerable: | |
Discussion
Edraw Diagram Component ActiveX control ('EDBoard.ocx') is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of the application that uses the ActiveX control, usually Internet Explorer. Failed attacks will likely cause denial-of-service conditions.
Edraw Diagram Component 5 is vulnerable; other versions may also be affected.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Edraw Diagram Component Homepage (EdrawSoft)
- Microsoft Knowledge Base Article 240797 (Microsoft)