HTTP EDraw PDF Viewer ActiveX FO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit an Arbitrary File Overwrite Vulnerability in Edraw PDF Viewer Component ActiveX control.

Additional Information

Edraw PDF Viewer Component is an ActiveX control used to display PDF documents.

The application is prone to a vulnerability that allows attackers to overwrite arbitrary local files. Specifically, the 'FtpDownloadFile()' method of the 'pdfviewer.ocx' ActiveX control will overwrite files in an insecure manner. The control is identified by CLSID:

44A8091F-8F01-43B7-8CF7-4BBA71E61E04

Successful exploits will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Versions prior to PDF Viewer Component 3.2.0.126 are vulnerable.
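A host-side check for the exposure described above, added here as an example and not part of the original advisory: the PowerShell script below looks up the CLSID in both registry views, reads the version of the registered binary, and reports whether Internet Explorer's ActiveX kill bit is set for the control. It assumes the file version of the registered .ocx tracks the component version quoted above; the kill-bit check is a standard Internet Explorer mechanism that the advisory itself does not mention.

```powershell
# Added audit example. CLSID and fixed version come from the advisory text.
$Clsid        = '{44A8091F-8F01-43B7-8CF7-4BBA71E61E04}'
$FixedVersion = [version]'3.2.0.126'  # assumption: .ocx file version tracks the component version
$KillBit      = 0x400                 # "Compatibility Flags" bit that blocks the control in IE

# A 32-bit control on 64-bit Windows registers under WOW6432Node, so check both views.
$views = @(
    @{ Name    = 'native'
       Classes = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name    = 'wow64'
       Classes = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$results = foreach ($v in $views) {
    $serverKey = Join-Path $v.Classes "$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $serverKey)) { continue }  # not registered in this view

    # The default value of InprocServer32 is the path to the control's binary.
    $path    = (Get-Item -LiteralPath $serverKey).GetValue('')
    $version = $null
    if ($path) {
        $path = [Environment]::ExpandEnvironmentVariables($path).Trim('"')
        if (Test-Path -LiteralPath $path) {
            # Build the version from numeric parts; the FileVersion string is free-form.
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            $version = New-Object Version -ArgumentList `
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        }
    }

    # A missing key or value means no kill bit has been set.
    $flags = (Get-ItemProperty -LiteralPath (Join-Path $v.Compat $Clsid) `
                  -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    $killed = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)

    [pscustomobject]@{
        View        = $v.Name
        Path        = $path
        FileVersion = $version
        BelowFixed  = if ($version) { $version -lt $FixedVersion } else { $null }
        KillBitSet  = $killed
        Exposed     = ($version -and ($version -lt $FixedVersion) -and -not $killed)
    }
}

if ($results) { $results | Format-List }
else { Write-Output "CLSID $Clsid is not registered on this host." }
```

A row with `Exposed : True` means a pre-3.2.0.126 binary is registered and Internet Explorer is not blocked from instantiating it.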

Affected

  • EDraw PDF Viewer Component 3.2

Response

Updates are reported to be available; please see the references for more information.

Additional References
