Vulnerability Details : CVE-2007-3169
Potential exploit
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2007-3169
- cpe:2.3:a:edraw:office_viewer_component:*:*:*:*:*:*:*:*
- cpe:2.3:a:edraw:office_viewer_component:4.0.5.20:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3169
- 31.35%: Probability of exploitation activity in the next 30 days
- ~ 96%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-3169
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2007-3169
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-3169
- http://www.vupen.com/english/advisories/2007/1992
- http://shinnai.altervista.org/viewtopic.php?id=42&t_id=32
- http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.html
- https://www.exploit-db.com/exploits/4009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34590
- http://www.securityfocus.com/bid/24229 (Exploit)
- http://www.ocxt.com/archives/28
- http://secunia.com/advisories/25418 (Vendor Advisory)
- http://osvdb.org/36045