CVE-2007-3168

A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:C

Exploitability : 8.6 / Impact : 7.8

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html
http://osvdb.org/36044
http://secunia.com/advisories/25418	Vendor Advisory
http://shinnai.altervista.org/viewtopic.php?id=42&t_id=31
http://www.ocxt.com/archives/28
http://www.securityfocus.com/bid/24230	Exploit
http://www.vupen.com/english/advisories/2007/1992
https://exchange.xforce.ibmcloud.com/vulnerabilities/34588
https://www.exploit-db.com/exploits/4010

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:edraw:office_viewer_component::::::::
	cpe:2.3:a:edraw:office_viewer_component:4.0.5.20:::::::*

History

No history.

Information

Published : 2007-06-11 22:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-3168

Mitre link : CVE-2007-3168

CVE.ORG link : CVE-2007-3168

JSON object : View

Products Affected

edraw

office_viewer_component

CWE

NVD-CWE-Other

{"id": "CVE-2007-3168", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-06-11T22:30:00.000", "references": [{"url": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/36044", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25418", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://shinnai.altervista.org/viewtopic.php?id=42&t_id=31", "source": "cve@mitre.org"}, {"url": "http://www.ocxt.com/archives/28", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24230", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1992", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34588", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4010", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method."}, {"lang": "es", "value": "Un cierto control ActiveX en el EDraw Office Viewer Component (edrawofficeviewer.ocx) versi\u00f3n 4.0.5.20 y otras versiones anteriores a 5.0, permite a atacantes remotos eliminar archivos arbitrarios por medio del m\u00e9todo DeleteLocalFile."}], "lastModified": "2017-10-11T01:32:43.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:edraw:office_viewer_component:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B4A5C32-2C26-42D7-8039-EAE1A7383D48", "versionEndIncluding": "5.0"}, {"criteria": "cpe:2.3:a:edraw:office_viewer_component:4.0.5.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFF5C7C7-D888-4D9E-B4DA-68B6978C02DB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}