Vulnerability Description
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect method and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Edraw | Pdf Viewer Component | <= 3.2.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html (Exploit)
- http://secunia.com/advisories/35509 (Vendor Advisory)
FAQ
What is CVE-2009-2169?
CVE-2009-2169 is a vulnerability with a CVSS score of 9.3 (HIGH). Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary ...
How severe is CVE-2009-2169?
CVE-2009-2169 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2169?
Check the references section above for vendor advisories and patch information. Affected products include: Edraw Pdf Viewer Component.