HTTP EDraw Office Viewer ActiveX File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a file-overwrite vulnerability through a method of the EDraw Office Viewer Component ActiveX control.

Additional Information

The EDraw Office Viewer Component is an ActiveX control to display and interact with Microsoft Office files such as Word, Excel, PowerPoint, Project, and Visio.

The EDraw Office Viewer Component ActiveX Control is prone to an arbitrary file-overwrite vulnerability.

This issue resides in the control with a CLSID of 6BA21C22-53A5-463F-BBE8-5CF7FFA0132B, in the method called 'HttpDownloadFile'. This control is located in the 'officeviewer.ocx' file.

The vulnerable method is used to download content from arbitrary URIs and save it in a local file. There reportedly do not seem to be any restrictions on where the content is retrieved from or where the file is saved locally.

An attacker can exploit this issue to overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.

Version 5.1 of the control is vulnerable to this issue; other versions may also be affected.
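
A simplified content check for the pattern described above, as an added example that is not Symantec's signature or the vendor's code: it flags HTTP response bodies that embed the control by its CLSID and reference 'HttpDownloadFile'. The class and function names, verdict labels and sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID and method name come from the advisory text above.
EDRAW_CLSID = "6BA21C22-53A5-463F-BBE8-5CF7FFA0132B"
METHOD = "HttpDownloadFile"

class ObjectFinder(HTMLParser):
    """Collect the id of every <object> tag whose classid is the EDraw CLSID."""
    def __init__(self):
        super().__init__()
        self.ids = []  # element ids bound to the control ("" when the tag has none)

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        a = {k: (v or "") for k, v in attrs}
        classid = a.get("classid", "").strip().lower()
        # Tolerate optional braces and mixed case around the CLSID.
        if classid.replace("{", "").replace("}", "") == "clsid:" + EDRAW_CLSID.lower():
            self.ids.append(a.get("id", ""))

def scan_page(html):
    """Return (verdict, detail) for one HTTP response body."""
    finder = ObjectFinder()
    finder.feed(html)
    if not finder.ids:
        return ("clean", "control not embedded")
    # Direct call: <id>.HttpDownloadFile( on an id bound to the control.
    for obj_id in filter(None, finder.ids):
        call = r"\b%s\s*\.\s*%s\s*\(" % (re.escape(obj_id), METHOD)
        if re.search(call, html, re.I):
            return ("alert", "%s.%s() called" % (obj_id, METHOD))
    # Indirect use (for example through a variable holding the element).
    if re.search(r"\b%s\b" % METHOD, html, re.I):
        return ("alert", METHOD + " referenced on a page embedding the control")
    return ("review", "control embedded, method not referenced")

# Constructed sample pages; call arguments are deliberately omitted.
OBJ = '<object id="viewer" classid="CLSID:%s"></object>' % EDRAW_CLSID
SAMPLES = {
    "direct": OBJ + "<script>viewer.HttpDownloadFile(/* omitted */);</script>",
    "embed_only": OBJ + "<p>Quarterly report</p>",
    "unrelated": "<p>HttpDownloadFile is mentioned in this text only</p>",
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(name, scan_page(page))
```

A "review" verdict means the control is embedded without any reference to the method, which is still worth a look on hosts running version 5.1.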

Affected

  • EDraw Office Viewer Component 5.1