Vulnerability Details CVE-2007-3168
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.12
EPSS Ranking 93.5%
CVSS Severity
CVSS v2 Score 7.8
References
- http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html
- http://osvdb.org/36044
- http://secunia.com/advisories/25418
- http://shinnai.altervista.org/viewtopic.php?id=42&t_id=31
- http://www.ocxt.com/archives/28
- http://www.securityfocus.com/bid/24230
- http://www.vupen.com/english/advisories/2007/1992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34588
- https://www.exploit-db.com/exploits/4010
- http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html
- http://osvdb.org/36044
- http://secunia.com/advisories/25418
- http://shinnai.altervista.org/viewtopic.php?id=42&t_id=31
- http://www.ocxt.com/archives/28
- http://www.securityfocus.com/bid/24230
- http://www.vupen.com/english/advisories/2007/1992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34588
- https://www.exploit-db.com/exploits/4010
Products affected by CVE-2007-3168
-
cpe:2.3:a:edraw:office_viewer_component:*
-
cpe:2.3:a:edraw:office_viewer_component:4.0.5.20