vendor:
EDraw Office Viewer Component
by:
shinnai
5.5
CVSS
MEDIUM
Denial of Service
CWE
Product Name: EDraw Office Viewer Component
Affected Version From: 4.0.5.20
Affected Version To: 4.0.5.20
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7
2007
EDraw Office Viewer Component Denial of Service Exploit
This exploit targets EDraw Office Viewer Component (edrawofficeviewer.ocx) version 4.0.5.20. By sending a specially crafted HTTP request, an attacker can cause a denial of service condition on systems running this vulnerable component. The exploit involves creating a large buffer and passing it as a parameter to the HttpDownloadFile method of the ActiveX object.
Mitigation:
Update to a patched version of EDraw Office Viewer Component or remove the vulnerable component if not required. Additionally, ensure that the component is not marked as safe for script or initialization in the registry.