CVE-2007-4420
Published 2007-08-18
CVE-2007-4420: Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers…
Priority P342 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 2.92% (85.3th percentile)
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edraw | flowchart_activex | <= 2.3 | — |
| edraw | office_viewer_component | — | — |
GHSA
GHSA-v4p8-cpq3-f35v: Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-5826 [CRITICAL] CWE-22 GHSA-v4p8-cpq3-f35v: Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage
Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
GHSA
GHSA-pcq5-fq6m-vxj9: Absolute path traversal vulnerability in a certain ActiveX control in officeviewer
ghsa_unreviewed·2022-05-01·CVSS 7.8
CVE-2007-4420 [HIGH] CWE-22 GHSA-pcq5-fq6m-vxj9: Absolute path traversal vulnerability in a certain ActiveX control in officeviewer
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/38794
http://www.ocxt.com/archives/39
http://www.securityfocus.com/bid/25344
https://exchange.xforce.ibmcloud.com/vulnerabilities/36055
https://www.exploit-db.com/exploits/4290
Published: 2007-08-18