Edraw Office Viewer Component vulnerabilities
5 known vulnerabilities affecting edraw/office_viewer_component.
Total CVEs
5
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH1
Vulnerabilities
Page 1 of 1
CVE-2007-5257P3CRITICALCVSS 10.0PoC≤ 5.3.220.12007-10-06
CVE-2007-5257 [CRITICAL] CVE-2007-5257: Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw O
Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.
nvd
CVE-2007-4821P3CRITICALCVSS 9.3PoCv5.22007-09-11
CVE-2007-4821 [CRITICAL] CVE-2007-4821: Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Co
Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.
nvd
CVE-2007-3169P3CRITICALCVSS 9.3PoC≤ 5.0v4.0.5.202007-06-11
CVE-2007-3169 [CRITICAL] CWE-119 CVE-2007-3169: Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.
nvd
CVE-2007-4420P3CRITICALCVSS 9.3PoCv5.12007-08-18
CVE-2007-4420 [CRITICAL] CWE-22 CVE-2007-4420: Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
nvd
CVE-2007-3168P3HIGHCVSS 7.8PoC≤ 5.0v4.0.5.202007-06-11
CVE-2007-3168 [HIGH] CVE-2007-3168: A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
nvd