Threat Monitor
Troj.Downloader.VBS.Agent.ex
| Aliases: | |
|---|---|
| Pattern: | 201001051330 |
| Threat Type | Propagation Methods | Systems Affected | Risk Level |
|---|---|---|---|
|
|
|
The EDraw Office Viewer Component ActiveX control (officeviewer.ocx) is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
The issue occurs when an excessive amount of data is passed to the 'FtpDownloadFile()' method of the EDraw.OfficeViewer(officeviewer.ocx) ActiveX control with the CLSID: 6BA21C22-53A5-463F-BBE8-5CF7FFA0132B.By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Affected Version: EDraw Office Viewer Component 5.3
The issue occurs when an excessive amount of data is passed to the 'FtpDownloadFile()' method of the EDraw.OfficeViewer(officeviewer.ocx) ActiveX control with the CLSID: 6BA21C22-53A5-463F-BBE8-5CF7FFA0132B.By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Affected Version: EDraw Office Viewer Component 5.3
