Lucene search

MitreCVE-2007-5257

HistoryOct 06, 2007 - 5:17 p.m.

CVE-2007-5257

2007-10-0617:17:00

CWE-119

mitre

web.nvd.nist.gov

cve-2007-5257

stack-based buffer overflow

edraw.officeviewer

activex

remote code execution

cve-2007-4821

cve-2007-3169

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.228

Percentile

96.6%

JSON

Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.

Affected configurations

Nvd

Node

edrawoffice_viewer_componentRange≤5.3.220.1

VendorProductVersionCPE
edrawoffice_viewer_component*cpe:2.3:a:edraw:office_viewer_component:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
edraw	office_viewer_component	*	cpe:2.3:a:edraw:office_viewer_component::::::::

References

osvdb.org/37724

secunia.com/advisories/27017

shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html

www.securityfocus.com/bid/25892

www.vupen.com/english/advisories/2007/3329

exchange.xforce.ibmcloud.com/vulnerabilities/36879

www.exploit-db.com/exploits/4474

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.228

Percentile

96.6%

JSON

Related for CVE-2007-5257