Edraw.Flowchart.HttpDownloadFile.Arbitrary.File.Download
Description
This indicates an attempt to exploit a file overwrite vulnerability in EDraw Flowchart.
EDraw Flowchart contains a design error in "EDImage.ocx" that allows an attacker to overwrite a file on a vulnerable system using the "HttpDownloadFile()" method.
Affected Products
EDraw Flowchart ActiveX version 2.3 and prior.
Impact
System Compromise: remote attackers can overwrite any file on a vulnerable system.
Recommended Actions
Currently we are not aware of any vendor supplied patch.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |