Design/Logic Flaw

The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management CDM 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this...

EdrawSoft Office Viewer Component ActiveX 5.6 Buffer Overflow

EdrawSoft Office Viewer Component ActiveX 5.6 officeviewermme.ocx BoF PoC Vendor: EdrawSoft Product web page: http://www.edrawsoft.com Affected version: 5.6.5781 Summary: Edraw Office Viewer Component contains a standard ActiveX control that acts as an ActiveX document container for hosting Offic...

Edraw Office Viewer Component 7.4 - ActiveX Stack Buffer Overflow

function heapspray //exec calc.exe var shellcode = unescape "%u9090%u9090%u9090%u9090" ; shellcode += unescape...

Edraw Office Viewer Component 7.4 - ActiveX Stack Buffer Overflow

Edraw Office Viewer Component 7.4 - ActiveX Stack Buffer Overflow function heapspray //exec calc.exe var shellcode = unescape "%u9090%u9090%u9090%u9090" ; shellcode += unescape...

EDraw Office Viewer 5.4 - 'HttpDownloadFile()' Insecure Method

Edraw Office Viewer Component v5.4 HttpDownloadFile Insecure Method Founded By : Cyber-Zone E-mail : [email protected] Home : WwW.Exploiter5.CoM GreetZ : Houssamix , Hussin X , JiKo , StaCk , str0ke , The5p3ctrum , BayHay , All Mgharba Wahed wahed Oujda 2009 Sub tryMe On Error Resume Next...

EDraw Office Viewer Component 5.3 FtpDownloadFile() Remote BoF

Exploit for unknown platform in category dos / poc ============================================================== EDraw Office Viewer Component 5.3 FtpDownloadFile Remote BoF ==============================================================...

CVE-2007-4821

CVE-2007-4821 affects the EDraw Office Viewer Component (officeviewer.ocx) version 5.2 (and earlier per related entries) and is caused by a buffer overflow in the HttpDownloadFileToTempDir method. The vulnerability allows remote attackers to execute arbitrary code by passing a long value as the f...

EDraw Office Viewer Component 5.2 ActiveX Remote BoF PoC

No description provided by source. pre codespan style="font: 10pt Courier New;"span class="general1-symbol"-------------------------------------------------------------------------------------------------------------- b0-day EDraw Office Viewer Component 5.2 officeviewer.ocx v. 5.2.218.1...

Path traversal

Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability...

CVE-2007-4420

Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability...

CVE-2007-3169

EDraw Office Viewer Component (officeviewer.ocx) ActiveX controls are affected across multiple CVEs (e.g., CVE-2007-3169, CVE-2007-4821, CVE-2007-5257). Affected versions include Office Viewer Component 5.0 and earlier for HttpDownloadFile/HttpDownloadFileToTempDir and 5.3.220.1 and earlier for F...

EDraw Office Viewer Component Denial of Service Exploit

No description provided by source. pre span style="font: 14pt Courier New;"p align="center"b2007/05/29/b/p/span codespan style="font: 10pt Courier New;"span class="general1-symbol"--------------------------------------------------------------------------------------------- bEDraw Office Viewer...

EDraw Office Viewer Component - Denial of Service

EDraw Office Viewer Component - Denial of Service 2007/05/29 --------------------------------------------------------------------------------------------- EDraw Office Viewer Component edrawofficeviewer.ocx v. 4.0.5.20 Denial of Service Exploit url: http://www.ocxt.com/officeviewer.php author:...

EDraw Office Viewer Component Unsafe Method Exploit

Exploit for unknown platform in category remote exploits =================================================== EDraw Office Viewer Component Unsafe Method Exploit =================================================== 2007/05/28...

EDraw Office Viewer Component - Unsafe Method

2007/05/28 ----------------------------------------------------------------------------------------------- EDraw Office Viewer Component edrawofficeviewer.ocx v. 4.0.5.20 Unsafe Method Vulnerability url: http://www.ocxt.com/officeviewer.php author: shinnai mail: shinnaiatautisticidotorg site:...