CVE-2007-3169
published 2007-06-11CVE-2007-3169: Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows…
PriorityP343critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
11.91%
95.6th percentile
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edraw | office_viewer_component | <= 5.3.220.1 | — |
| edraw | office_viewer_component | <= 5.0 | — |
| edraw | office_viewer_component | — | — |
| edraw | office_viewer_component | — | — |
| edraw | office_viewer_component | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hcfg-mpgp-9qwq: Stack-based buffer overflow in the EDraw
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-5257 [CRITICAL] CWE-119 GHSA-hcfg-mpgp-9qwq: Stack-based buffer overflow in the EDraw
Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.
GHSA
GHSA-m4wp-q28r-x97q: Buffer overflow in a certain ActiveX control in officeviewer
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-4821 [CRITICAL] CWE-119 GHSA-m4wp-q28r-x97q: Buffer overflow in a certain ActiveX control in officeviewer
Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.
GHSA
GHSA-v8rv-4qvw-rgmx: Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer
ghsa_unreviewed·2022-05-01
CVE-2007-3169 [HIGH] CWE-119 GHSA-v8rv-4qvw-rgmx: Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.
GHSA
GHSA-pcq5-fq6m-vxj9: Absolute path traversal vulnerability in a certain ActiveX control in officeviewer
ghsa_unreviewed·2022-05-01·CVSS 7.8
CVE-2007-4420 [HIGH] CWE-22 GHSA-pcq5-fq6m-vxj9: Absolute path traversal vulnerability in a certain ActiveX control in officeviewer
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
No detection rules found.
No writeups or analysis indexed.
http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.htmlhttp://osvdb.org/36045http://secunia.com/advisories/25418http://shinnai.altervista.org/viewtopic.php?id=42&t_id=32http://www.ocxt.com/archives/28http://www.securityfocus.com/bid/24229http://www.vupen.com/english/advisories/2007/1992https://exchange.xforce.ibmcloud.com/vulnerabilities/34590https://www.exploit-db.com/exploits/4009http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.htmlhttp://osvdb.org/36045http://secunia.com/advisories/25418http://shinnai.altervista.org/viewtopic.php?id=42&t_id=32http://www.ocxt.com/archives/28http://www.securityfocus.com/bid/24229http://www.vupen.com/english/advisories/2007/1992https://exchange.xforce.ibmcloud.com/vulnerabilities/34590https://www.exploit-db.com/exploits/4009
2007-06-11
Published