Vulnerability Description
Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Edraw | Flowchart Activex | <= 2.3 |
Related Weaknesses (CWE)
References
- http://osvdb.org/38415
- http://secunia.com/advisories/27462
- http://shinnai.altervista.org/exploits/txt/TXT_3kXDua0a0Tl5Vm5LU3ms.html
- http://www.securityfocus.com/bid/26308
- http://www.vupen.com/english/advisories/2007/3710
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38223
- https://www.exploit-db.com/exploits/4598
- http://osvdb.org/38415
- http://secunia.com/advisories/27462
- http://shinnai.altervista.org/exploits/txt/TXT_3kXDua0a0Tl5Vm5LU3ms.html
- http://www.securityfocus.com/bid/26308
- http://www.vupen.com/english/advisories/2007/3710
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38223
- https://www.exploit-db.com/exploits/4598
FAQ
What is CVE-2007-5826?
CVE-2007-5826 is a vulnerability with a CVSS score of 9.3 (HIGH). Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a f...
How severe is CVE-2007-5826?
CVE-2007-5826 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5826?
Check the references section above for vendor advisories and patch information. Affected products include: Edraw Flowchart Activex.