Edraw.Office.Viewer.Component.ActiveX.Arbitrary.File.Deletion
Description
This indicates an attack attempt against an Arbitrary File Deletion vulnerability in EDraw Office Viewer Component.
The vulnerability is caused by a design error in the "deletelocalfile()" method within the "edrawofficeviewer.ocx" ActiveX control. It could be exploited by remote attackers to execute arbitrary code via a malicious web page.
Affected Products
EDraw Office Viewer Component 4.0.5.20
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any vendor supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-11-04 | 16.956 | Name:EDraw. Office. Viewer. Component. ActiveX. Arbitrary. File. Deletion:Edraw. Office. Viewer. Component. ActiveX. Arbitrary. File. Deletion |