Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for office_viewer_component by edraw
CVE-2007-5257 (GCVE-0-2007-5257)
Vulnerability from nvd – Published: 2007-10-06 17:00 – Updated: 2024-08-07 15:24
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/37724 | vdb-entryx_refsource_OSVDB |
| http://shinnai.altervista.org/exploits/txt/TXT_O5… | x_refsource_MISC |
| http://secunia.com/advisories/27017 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/25892 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4474 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2007/3329 | vdb-entryx_refsource_VUPEN |
Date Public
2007-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37724",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html"
},
{
"name": "27017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27017"
},
{
"name": "edraw-viewer-ftpdownloadfile-bo(36879)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36879"
},
{
"name": "25892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25892"
},
{
"name": "4474",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4474"
},
{
"name": "ADV-2007-3329",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37724",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html"
},
{
"name": "27017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27017"
},
{
"name": "edraw-viewer-ftpdownloadfile-bo(36879)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36879"
},
{
"name": "25892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25892"
},
{
"name": "4474",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4474"
},
{
"name": "ADV-2007-3329",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37724",
"refsource": "OSVDB",
"url": "http://osvdb.org/37724"
},
{
"name": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html"
},
{
"name": "27017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27017"
},
{
"name": "edraw-viewer-ftpdownloadfile-bo(36879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36879"
},
{
"name": "25892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25892"
},
{
"name": "4474",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4474"
},
{
"name": "ADV-2007-3329",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5257",
"datePublished": "2007-10-06T17:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4821 (GCVE-0-2007-4821)
Vulnerability from nvd – Published: 2007-09-11 19:00 – Updated: 2024-08-07 15:08
VLAI
EPSS
VEX
Summary
Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/25593 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4373 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/38832 | vdb-entryx_refsource_OSVDB |
Date Public
2007-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25593",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25593"
},
{
"name": "4373",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4373"
},
{
"name": "38832",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25593",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25593"
},
{
"name": "4373",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4373"
},
{
"name": "38832",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38832"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25593"
},
{
"name": "4373",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4373"
},
{
"name": "38832",
"refsource": "OSVDB",
"url": "http://osvdb.org/38832"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4821",
"datePublished": "2007-09-11T19:00:00.000Z",
"dateReserved": "2007-09-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4420 (GCVE-0-2007-4420)
Vulnerability from nvd – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/4290 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/25344 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/38794 | vdb-entryx_refsource_OSVDB |
| http://www.ocxt.com/archives/39 | x_refsource_CONFIRM |
Date Public
2007-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4290",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4290"
},
{
"name": "25344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25344"
},
{
"name": "edrawviewer-officeviewer-file-overwrite(36055)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36055"
},
{
"name": "38794",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocxt.com/archives/39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4290",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4290"
},
{
"name": "25344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25344"
},
{
"name": "edrawviewer-officeviewer-file-overwrite(36055)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36055"
},
{
"name": "38794",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocxt.com/archives/39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4290",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4290"
},
{
"name": "25344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25344"
},
{
"name": "edrawviewer-officeviewer-file-overwrite(36055)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36055"
},
{
"name": "38794",
"refsource": "OSVDB",
"url": "http://osvdb.org/38794"
},
{
"name": "http://www.ocxt.com/archives/39",
"refsource": "CONFIRM",
"url": "http://www.ocxt.com/archives/39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4420",
"datePublished": "2007-08-18T21:00:00.000Z",
"dateReserved": "2007-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3169 (GCVE-0-2007-3169)
Vulnerability from nvd – Published: 2007-06-11 22:00 – Updated: 2024-08-07 14:05
VLAI
EPSS
VEX
Summary
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1992 | vdb-entryx_refsource_VUPEN |
| http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/4009 | exploitx_refsource_EXPLOIT-DB |
| http://www.ocxt.com/archives/28 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24229 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/25418 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/36045 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://shinnai.altervista.org/viewtopic.php?id=42… | x_refsource_MISC |
Date Public
2007-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.html"
},
{
"name": "4009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24229",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24229"
},
{
"name": "25418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25418"
},
{
"name": "36045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36045"
},
{
"name": "edraw-viewer-httpdownloadfile-bo(34590)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.html"
},
{
"name": "4009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24229",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24229"
},
{
"name": "25418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25418"
},
{
"name": "36045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36045"
},
{
"name": "edraw-viewer-httpdownloadfile-bo(34590)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=32"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1992",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"name": "http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.html",
"refsource": "MISC",
"url": "http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.html"
},
{
"name": "4009",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4009"
},
{
"name": "http://www.ocxt.com/archives/28",
"refsource": "CONFIRM",
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24229"
},
{
"name": "25418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25418"
},
{
"name": "36045",
"refsource": "OSVDB",
"url": "http://osvdb.org/36045"
},
{
"name": "edraw-viewer-httpdownloadfile-bo(34590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34590"
},
{
"name": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=32",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=32"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3169",
"datePublished": "2007-06-11T22:00:00.000Z",
"dateReserved": "2007-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3168 (GCVE-0-2007-3168)
Vulnerability from nvd – Published: 2007-06-11 22:00 – Updated: 2024-08-07 14:05
VLAI
EPSS
VEX
Summary
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1992 | vdb-entryx_refsource_VUPEN |
| http://www.ocxt.com/archives/28 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24230 | vdb-entryx_refsource_BID |
| http://shinnai.altervista.org/viewtopic.php?id=42… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/4010 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/25418 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-… | x_refsource_MISC |
| http://osvdb.org/36044 | vdb-entryx_refsource_OSVDB |
Date Public
2007-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=31"
},
{
"name": "4010",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4010"
},
{
"name": "25418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25418"
},
{
"name": "edraw-viewer-deletelocalfile-dos(34588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34588"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html"
},
{
"name": "36044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=31"
},
{
"name": "4010",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4010"
},
{
"name": "25418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25418"
},
{
"name": "edraw-viewer-deletelocalfile-dos(34588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34588"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html"
},
{
"name": "36044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1992",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"name": "http://www.ocxt.com/archives/28",
"refsource": "CONFIRM",
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24230"
},
{
"name": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=31",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=31"
},
{
"name": "4010",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4010"
},
{
"name": "25418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25418"
},
{
"name": "edraw-viewer-deletelocalfile-dos(34588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34588"
},
{
"name": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html",
"refsource": "MISC",
"url": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html"
},
{
"name": "36044",
"refsource": "OSVDB",
"url": "http://osvdb.org/36044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3168",
"datePublished": "2007-06-11T22:00:00.000Z",
"dateReserved": "2007-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5257 (GCVE-0-2007-5257)
Vulnerability from cvelistv5 – Published: 2007-10-06 17:00 – Updated: 2024-08-07 15:24
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/37724 | vdb-entryx_refsource_OSVDB |
| http://shinnai.altervista.org/exploits/txt/TXT_O5… | x_refsource_MISC |
| http://secunia.com/advisories/27017 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/25892 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4474 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2007/3329 | vdb-entryx_refsource_VUPEN |
Date Public
2007-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37724",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html"
},
{
"name": "27017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27017"
},
{
"name": "edraw-viewer-ftpdownloadfile-bo(36879)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36879"
},
{
"name": "25892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25892"
},
{
"name": "4474",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4474"
},
{
"name": "ADV-2007-3329",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37724",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html"
},
{
"name": "27017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27017"
},
{
"name": "edraw-viewer-ftpdownloadfile-bo(36879)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36879"
},
{
"name": "25892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25892"
},
{
"name": "4474",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4474"
},
{
"name": "ADV-2007-3329",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37724",
"refsource": "OSVDB",
"url": "http://osvdb.org/37724"
},
{
"name": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html"
},
{
"name": "27017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27017"
},
{
"name": "edraw-viewer-ftpdownloadfile-bo(36879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36879"
},
{
"name": "25892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25892"
},
{
"name": "4474",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4474"
},
{
"name": "ADV-2007-3329",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5257",
"datePublished": "2007-10-06T17:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4821 (GCVE-0-2007-4821)
Vulnerability from cvelistv5 – Published: 2007-09-11 19:00 – Updated: 2024-08-07 15:08
VLAI
EPSS
VEX
Summary
Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/25593 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4373 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/38832 | vdb-entryx_refsource_OSVDB |
Date Public
2007-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25593",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25593"
},
{
"name": "4373",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4373"
},
{
"name": "38832",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25593",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25593"
},
{
"name": "4373",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4373"
},
{
"name": "38832",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38832"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25593"
},
{
"name": "4373",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4373"
},
{
"name": "38832",
"refsource": "OSVDB",
"url": "http://osvdb.org/38832"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4821",
"datePublished": "2007-09-11T19:00:00.000Z",
"dateReserved": "2007-09-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4420 (GCVE-0-2007-4420)
Vulnerability from cvelistv5 – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/4290 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/25344 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/38794 | vdb-entryx_refsource_OSVDB |
| http://www.ocxt.com/archives/39 | x_refsource_CONFIRM |
Date Public
2007-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4290",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4290"
},
{
"name": "25344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25344"
},
{
"name": "edrawviewer-officeviewer-file-overwrite(36055)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36055"
},
{
"name": "38794",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocxt.com/archives/39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4290",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4290"
},
{
"name": "25344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25344"
},
{
"name": "edrawviewer-officeviewer-file-overwrite(36055)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36055"
},
{
"name": "38794",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocxt.com/archives/39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4290",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4290"
},
{
"name": "25344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25344"
},
{
"name": "edrawviewer-officeviewer-file-overwrite(36055)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36055"
},
{
"name": "38794",
"refsource": "OSVDB",
"url": "http://osvdb.org/38794"
},
{
"name": "http://www.ocxt.com/archives/39",
"refsource": "CONFIRM",
"url": "http://www.ocxt.com/archives/39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4420",
"datePublished": "2007-08-18T21:00:00.000Z",
"dateReserved": "2007-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3169 (GCVE-0-2007-3169)
Vulnerability from cvelistv5 – Published: 2007-06-11 22:00 – Updated: 2024-08-07 14:05
VLAI
EPSS
VEX
Summary
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1992 | vdb-entryx_refsource_VUPEN |
| http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/4009 | exploitx_refsource_EXPLOIT-DB |
| http://www.ocxt.com/archives/28 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24229 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/25418 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/36045 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://shinnai.altervista.org/viewtopic.php?id=42… | x_refsource_MISC |
Date Public
2007-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.html"
},
{
"name": "4009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24229",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24229"
},
{
"name": "25418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25418"
},
{
"name": "36045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36045"
},
{
"name": "edraw-viewer-httpdownloadfile-bo(34590)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.html"
},
{
"name": "4009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24229",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24229"
},
{
"name": "25418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25418"
},
{
"name": "36045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36045"
},
{
"name": "edraw-viewer-httpdownloadfile-bo(34590)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=32"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1992",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"name": "http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.html",
"refsource": "MISC",
"url": "http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office-viewer-component.html"
},
{
"name": "4009",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4009"
},
{
"name": "http://www.ocxt.com/archives/28",
"refsource": "CONFIRM",
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24229"
},
{
"name": "25418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25418"
},
{
"name": "36045",
"refsource": "OSVDB",
"url": "http://osvdb.org/36045"
},
{
"name": "edraw-viewer-httpdownloadfile-bo(34590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34590"
},
{
"name": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=32",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=32"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3169",
"datePublished": "2007-06-11T22:00:00.000Z",
"dateReserved": "2007-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3168 (GCVE-0-2007-3168)
Vulnerability from cvelistv5 – Published: 2007-06-11 22:00 – Updated: 2024-08-07 14:05
VLAI
EPSS
VEX
Summary
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1992 | vdb-entryx_refsource_VUPEN |
| http://www.ocxt.com/archives/28 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24230 | vdb-entryx_refsource_BID |
| http://shinnai.altervista.org/viewtopic.php?id=42… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/4010 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/25418 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-… | x_refsource_MISC |
| http://osvdb.org/36044 | vdb-entryx_refsource_OSVDB |
Date Public
2007-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=31"
},
{
"name": "4010",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4010"
},
{
"name": "25418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25418"
},
{
"name": "edraw-viewer-deletelocalfile-dos(34588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34588"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html"
},
{
"name": "36044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=31"
},
{
"name": "4010",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4010"
},
{
"name": "25418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25418"
},
{
"name": "edraw-viewer-deletelocalfile-dos(34588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34588"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html"
},
{
"name": "36044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1992",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1992"
},
{
"name": "http://www.ocxt.com/archives/28",
"refsource": "CONFIRM",
"url": "http://www.ocxt.com/archives/28"
},
{
"name": "24230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24230"
},
{
"name": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=31",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/viewtopic.php?id=42\u0026t_id=31"
},
{
"name": "4010",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4010"
},
{
"name": "25418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25418"
},
{
"name": "edraw-viewer-deletelocalfile-dos(34588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34588"
},
{
"name": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html",
"refsource": "MISC",
"url": "http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html"
},
{
"name": "36044",
"refsource": "OSVDB",
"url": "http://osvdb.org/36044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3168",
"datePublished": "2007-06-11T22:00:00.000Z",
"dateReserved": "2007-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}