Vulnerability Description
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
CVSS Score
7.8
HIGH
AV:N/AC:M/Au:N/C:N/I:P/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Edraw | Office Viewer Component | <= 5.0 |
References
- http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html
- http://osvdb.org/36044
- http://secunia.com/advisories/25418Vendor Advisory
- http://shinnai.altervista.org/viewtopic.php?id=42&t_id=31
- http://www.ocxt.com/archives/28
- http://www.securityfocus.com/bid/24230Exploit
- http://www.vupen.com/english/advisories/2007/1992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34588
- https://www.exploit-db.com/exploits/4010
- http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html
- http://osvdb.org/36044
- http://secunia.com/advisories/25418Vendor Advisory
- http://shinnai.altervista.org/viewtopic.php?id=42&t_id=31
- http://www.ocxt.com/archives/28
- http://www.securityfocus.com/bid/24230Exploit
FAQ
What is CVE-2007-3168?
CVE-2007-3168 is a vulnerability with a CVSS score of 7.8 (HIGH). A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFil...
How severe is CVE-2007-3168?
CVE-2007-3168 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3168?
Check the references section above for vendor advisories and patch information. Affected products include: Edraw Office Viewer Component.