1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP EDraw Office Viewer FtpDownloadFile ActiveX BO

HTTP EDraw Office Viewer FtpDownloadFile ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a buffer overflow vulnerability by passing long arguments into a method ofEDraw Office Viewer Component ActiveX control

Additional Information

The EDraw Office Viewer Component is an ActiveX control to display and interact with Microsoft Office files such as Word, Excel, PowerPoint, Project, and Visio.

EDraw Office Viewer Component ActiveX control is prone to a buffer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

These issues occur when an excessive amount of data is passed to the 'HttpDownloadFileToTempDir' method of the 'edrawofficeviewer.ocx' ActiveX control.

This issue resides in the ActiveX control with the CLSID: (6BA21C22-53A5-463F-BBE8-5CF7FFA0132B).

An attacker can exploit this issue to cause a denial-of-service condition. Arbitrary code execution may be possible, but has not been confirmed.

This issue affects EDraw Office Viewer Component 5.2; other versions may also be affected.

Affected

  • EDraw Office Viewer Component 5.2, 5.2.218.1

Response


  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube