CVE Vulnerability

CVE-2007-5257

Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html Exploit
http://www.securityfocus.com/bid/25892 Exploit
http://secunia.com/advisories/27017 Vendor Advisory
http://www.vupen.com/english/advisories/2007/3329
http://osvdb.org/37724
https://exchange.xforce.ibmcloud.com/vulnerabilities/36879
https://www.exploit-db.com/exploits/4474
Configurations

Configuration 1

cpe:2.3:a:edraw:office_viewer_component:*:*:*:*:*:*:*:*
Information

Published : 2007-10-06 05:17

Updated : 2017-09-29 01:29

NVD link : CVE-2007-5257

Mitre link : CVE-2007-5257

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer