HTTP EDraw Flowchart ActiveX Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an arbitrary-file-overwrite vulnerability by passing malicious arguments to a method of the EDraw Flowchart Component ActiveX Control.

Additional Information

The EDraw Flowchart Component is an ActiveX control to create business and technical diagrams.

The EDraw Flowchart Component ActiveX Control is prone to a vulnerability that lets attackers overwrite files.

This issue resides in the control with a CLSID of F685AFD8-A5CC-410E-98E4-BAA1C559BA61, in the method called 'HttpDownloadFile()'. This control is located in the 'EDImage.ocx' file.

The vulnerable method is used to download content from arbitrary URIs and save it in a local file. The software places no restrictions on where the content is retrieved from or where the file is saved locally.

An attacker can exploit this issue to overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.
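
The following Python check is an added example, not Symantec's signature logic (which this page does not publish). It flags HTTP response bodies that both reference the control by the CLSID given above and call 'HttpDownloadFile'. The function name, verdict strings and sample bodies are constructed for this illustration.

```python
import html
import re

# Identifiers taken from the advisory text above.
CLSID = "F685AFD8-A5CC-410E-98E4-BAA1C559BA61"
METHOD = "HttpDownloadFile"

# classid="clsid:..." on an <object> tag; braces optional, case-insensitive.
CLSID_RE = re.compile(r"clsid\s*:\s*\{?" + re.escape(CLSID) + r"\}?", re.IGNORECASE)
# The method name followed by "(" (COM dispatch names are case-insensitive).
# Limitation: a VBScript call written without parentheses is not matched.
METHOD_RE = re.compile(r"\b" + re.escape(METHOD) + r"\s*\(", re.IGNORECASE)


def classify(body: str) -> str:
    """Return 'alert', 'control-only' or 'clean' for one HTTP response body."""
    # Decode HTML entities so that e.g. "clsid&#58;" is seen as "clsid:".
    text = html.unescape(body)
    has_clsid = bool(CLSID_RE.search(text))
    has_call = bool(METHOD_RE.search(text))
    if has_clsid and has_call:
        return "alert"          # control instantiated and vulnerable method called
    if has_clsid:
        return "control-only"   # control embedded; worth logging, not blocking
    return "clean"              # method name alone (e.g. in an article) is ignored


# Constructed sample bodies; method arguments are deliberately elided.
SAMPLES = {
    "embed_and_call": (
        '<object id="ctl" classid="clsid:' + CLSID + '"></object>\n'
        "<script>ctl.HttpDownloadFile(/* arguments elided */);</script>"
    ),
    "entity_encoded": (
        '<OBJECT id="c" classid="CLSID&#58;{' + CLSID.lower() + '}"></OBJECT>\n'
        "<script>c.httpdownloadfile (/* arguments elided */);</script>"
    ),
    "embed_only": '<object classid="clsid:' + CLSID + '"></object>',
    "mention_only": "<p>Write-up of HttpDownloadFile() in EDImage.ocx</p>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {classify(body)}")
```

Script that builds the CLSID or method name at run time (string concatenation, encoding) will evade a static match like this one, so it complements patching rather than replacing it.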

Affected

  • Any Draw EDraw Flowchart ActiveX Control 3.1
  • EDraw Flowchart ActiveX Control 2.3

Response

Download and install all vendor patches related to this vulnerability.