Intrusion Prevention

Edraw.PDF.Viewer.Component.ActiveX.Arbitrary.File.Overwrite

Description

This indicates an attack attempt against a Buffer Overflow vulnerability in the Edraw PDF Viewer Component ActiveX control.
The vulnerability is caused by an error when the software handles a specially crafted argument to the "FtpConnect" method. It allows a remote attacker to execute arbitrary code.

Affected Products

Versions prior to PDF Viewer Component 3.2.0.126 are vulnerable.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the website:
http://www.edrawsoft.com/pdfviewer.php

CVE References

CVE-2009-2169