Lucene search

MitreCVE-2007-3168

HistoryJun 11, 2007 - 10:30 p.m.

CVE-2007-3168

2007-06-1122:30:00

mitre

web.nvd.nist.gov

edraw

office viewer

edrawofficeviewer.ocx

activex control

cve-2007-3168

security vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:P/A:C

AI Score

6.7

Confidence

Low

EPSS

0.176

Percentile

96.2%

JSON

A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.

Affected configurations

Nvd

Node

edrawoffice_viewer_componentRange≤5.0

edrawoffice_viewer_componentMatch4.0.5.20

VendorProductVersionCPE
edrawoffice_viewer_component*cpe:2.3:a:edraw:office_viewer_component:*:*:*:*:*:*:*:*
edrawoffice_viewer_component4.0.5.20cpe:2.3:a:edraw:office_viewer_component:4.0.5.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
edraw	office_viewer_component	*	cpe:2.3:a:edraw:office_viewer_component::::::::
edraw	office_viewer_component	4.0.5.20	cpe:2.3:a:edraw:office_viewer_component:4.0.5.20:::::::*

References

moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html

osvdb.org/36044

secunia.com/advisories/25418

shinnai.altervista.org/viewtopic.php?id=42&t_id=31

www.ocxt.com/archives/28

www.securityfocus.com/bid/24230

www.vupen.com/english/advisories/2007/1992

exchange.xforce.ibmcloud.com/vulnerabilities/34588

www.exploit-db.com/exploits/4010

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:P/A:C

AI Score

6.7

Confidence

Low

EPSS

0.176

Percentile

96.2%

JSON

Related for CVE-2007-3168