Lucene search

MitreCVE-2009-2169

HistoryJun 22, 2009 - 10:30 p.m.

CVE-2009-2169

2009-06-2222:30:00

CWE-94

mitre

web.nvd.nist.gov

cve-2009-2169

insecure method vulnerability

pdfviewer.pdfviewerctrl.1

activex control

pdfviewer.ocx

edraw pdf viewer component

remote attackers

arbitrary files

code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.935

Percentile

99.2%

JSON

Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected configurations

Nvd

Node

edrawpdf_viewer_componentRange≤3.2.0

VendorProductVersionCPE
edrawpdf_viewer_component*cpe:2.3:a:edraw:pdf_viewer_component:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
edraw	pdf_viewer_component	*	cpe:2.3:a:edraw:pdf_viewer_component::::::::

References

archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html

secunia.com/advisories/35509

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.935

Percentile

99.2%

JSON

Related for CVE-2009-2169