Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2007-5257
Last Modified: 20 Jul 2013 02:18:04
Published: 06 Oct 2007 01:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5257

Summary

Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.

Vulnerable Systems

Application

  • Edraw Office Viewer Component 5.3.220.1


References

VUPEN - ADV-2007-3329

BID - 25892

MILW0RM - 4474

MISC - http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html

SECUNIA - 27017

OSVDB - 37724

XF - edraw-viewer-ftpdownloadfile-bo(36879)


Last Updated: 27 May 2016 10:46:08