vendor:
Office Viewer Component
by:
shinnai
7.5
CVSS
HIGH
Insecure Method
613
CWE
Product Name: Office Viewer Component
Affected Version From: 5.1
Affected Version To: 5.1.199.1
Patch Exists: NO
Related CWE:
CPE: officeviewer.ocx
Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7
2007
0-day EDraw Office Viewer Component 5.1 (officeviewer.ocx v. 5.1.199.1) “HttpDownloadFile()” Insecure Method
The EDraw Office Viewer Component 5.1 (officeviewer.ocx v. 5.1.199.1) is vulnerable to an insecure method called "HttpDownloadFile()". This vulnerability allows an attacker to download arbitrary files from a remote server to a user's machine by exploiting this insecure method.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of the EDraw Office Viewer Component. Additionally, users should exercise caution when downloading and executing files from untrusted sources.