Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5826

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-5826
Last Modified 07 Mar 2011 10:01:22
Published 05 Nov 2007 02:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5826

Summary

Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.

Vulnerable Systems

Application

  • Edraw Flowchart Activex 2.3


References

XF - edraw-flowchart-edimage-file-overwrite(38223)

VUPEN - ADV-2007-3710

MILW0RM - 4598

OSVDB - 38415

BID - 26308

MISC - http://shinnai.altervista.org/exploits/txt/TXT_3kXDua0a0Tl5Vm5LU3ms.html

SECUNIA - 27462


Last Updated: 27 May 2016 10:46:18