CVE-2007-3168

A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:C

Exploitability : 8.6 / Impact : 7.8

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html
http://shinnai.altervista.org/viewtopic.php?id=42&t_id=31
http://www.securityfocus.com/bid/24230	Exploit
http://secunia.com/advisories/25418	Vendor Advisory
http://www.ocxt.com/archives/28
http://osvdb.org/36044
http://www.vupen.com/english/advisories/2007/1992
https://exchange.xforce.ibmcloud.com/vulnerabilities/34588
https://www.exploit-db.com/exploits/4010

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:edraw:office_viewer_component:4.0.5.20:::::::*
	cpe:2.3:a:edraw:office_viewer_component::::::::

Information

Published : 2007-06-11 15:30

Updated : 2017-10-10 18:32

NVD link : CVE-2007-3168

Mitre link : CVE-2007-3168

JSON object : View

CWE

NVD-CWE-Other

Products Affected

edraw

office_viewer_component

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html", "name": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html", "tags": [], "refsource": "MISC"}, {"url": "http://shinnai.altervista.org/viewtopic.php?id=42&t_id=31", "name": "http://shinnai.altervista.org/viewtopic.php?id=42&t_id=31", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/24230", "name": "24230", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/25418", "name": "25418", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ocxt.com/archives/28", "name": "http://www.ocxt.com/archives/28", "tags": [], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/36044", "name": "36044", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/1992", "name": "ADV-2007-1992", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34588", "name": "edraw-viewer-deletelocalfile-dos(34588)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/4010", "name": "4010", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3168", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 7.8, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-06-11T22:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:edraw:office_viewer_component:4.0.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:edraw:office_viewer_component:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:32Z"}

7.8 /10