Lucene search

[email protected]CVE-2007-5826

HistoryNov 05, 2007 - 7:46 p.m.

CVE-2007-5826

2007-11-0519:46:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-5826

absolute path traversal

edraw flowchart

activex control

edimage.ocx

nvd

security vulnerability

httpdownloadfile method

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.116 Low

EPSS

Percentile

95.3%

JSON

Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.

Affected configurations

NVD

Node

edrawflowchart_activexRange≤2.3

CPENameOperatorVersion
edraw:flowchart_activexedraw flowchart activexle2.3

CPE	Name	Operator	Version
edraw:flowchart_activex	edraw flowchart activex	le	2.3

References

osvdb.org/38415

secunia.com/advisories/27462

shinnai.altervista.org/exploits/txt/TXT_3kXDua0a0Tl5Vm5LU3ms.html

www.securityfocus.com/bid/26308

www.vupen.com/english/advisories/2007/3710

exchange.xforce.ibmcloud.com/vulnerabilities/38223

www.exploit-db.com/exploits/4598

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.116 Low

EPSS

Percentile

95.3%

JSON

Related for CVE-2007-5826

prion2 cvelist2 nvd2 nessus1 cve1