1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP EDraw Office Viewer ActiveX File Delete

HTTP EDraw Office Viewer ActiveX File Delete

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a file deletion vulnerability by passing special arguments into a method of EDraw Office Viewer Component ActiveX control.

Additional Information

The EDraw Office Viewer Component is an ActiveX control to display and interact with Microsoft Office files such as Word, Excel, PowerPoint, Project, and Visio.

The application is prone to an arbitrary-file-delete vulnerability because it fails to properly sanitize user-supplied input. This issue affects the string filename parameter of the 'DeleteLocalFile' method of the affected ActiveX control with CLSID:{053AFEBA-D968-435F-B557-19FF76372B1B}.

An attacker can exploit this issue to delete arbitrary files on the affected computer. Successful attacks can result in denial-of-service conditions.

Affected

  • EDraw Office Viewer Component 4.0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube