CVE-2009-2169

CRITICAL(9.3)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Risk Signal Score25/100 — MITTEL

CVSS 9.3 — Kritisch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

9.3

Technische Schwere

Beschreibung

Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Referenzen

http://archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html
http://secunia.com/advisories/35509
http://archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html
http://secunia.com/advisories/35509