Intrusion Prevention

Edraw.Flowchart.HttpDownloadFile.Arbitrary.File.Download

Description

This indicates an attempt to exploit a file overwrite vulnerability in EDraw Flowchart.
EDraw Flowchart contains a design error in "EDImage.ocx" that allows an attacker to overwrite a file on a vulnerable system using the "HttpDownloadFile()" method.

Affected Products

EDraw Flowchart ActiveX version 2.3 and prior.

Impact

System Compromise: remote attackers can overwrite any file on a vulnerable system.

Recommended Actions

Currently we are not aware of any vendor supplied patch.

CVE References

CVE-2007-5826