Friday, June 19, 2009

EDraw PDF Viewer ActiveX Control "FtpDownloadFile()" Insecure Method

Overview:
A vulnerability has been reported in the EDraw PDF Viewer ActiveX control, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by the FtpConnect() function, which can retrieve any file from a remote FTP server and write it to the user's disk, combined with the insecure "FtpDownloadFile()" method. This can be exploited to download files to arbitrary locations on a user's system when the user visits a malicious website.

Impact:
Successful exploitation allows execution of arbitrary code.

Affected Software:
Edraw PDF Viewer Component 3.2.0.126.

Vulnerability Version:
The vulnerability has been reported in Edraw PDF Viewer Component 3.2.0.126. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

References:
http://secunia.com/advisories/35509/
http://archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html

IDS Rule:
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EDraw PDF Viewer ActiveX Control Insecure Method"; flow:to_client,established; content:"clsid"; nocase; content:"44A8091F-8F01-43B7-8CF7-4BBA71E61E04"; nocase; distance:0; pcre:"/(FtpConnect|FtpDownloadFile)/i"; classtype:web-application-attack; reference:url,secunia.com/advisories/35509/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html; sid:xxxxxxxx; rev:1;)
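As an added example that is not part of the original advisory, the PowerShell below reproduces the matching logic of the rule above so it can be exercised against constructed HTTP response bodies: the literal "clsid" followed later by the control's CLSID (the second content with distance:0), and, because the pcre option is not relative, either method name anywhere in the body. The sample bodies are constructed for illustration, not captured traffic.

```powershell
# Added example (not from the advisory): mirror the IDS rule's conditions in PowerShell.
$Clsid = '44A8091F-8F01-43B7-8CF7-4BBA71E61E04'

function Test-EDrawActiveXBody {
    param([string]$Body)
    # content:"clsid"; nocase; content:"<CLSID>"; nocase; distance:0;
    # -> "clsid" anywhere (case-insensitive) with the CLSID at or after its end.
    $clsidPattern = '(?is)clsid.*?' + [regex]::Escape($Clsid)
    if ($Body -notmatch $clsidPattern) { return $false }
    # pcre:"/(FtpConnect|FtpDownloadFile)/i" -> no relative modifier, so anywhere in the body.
    return [bool]($Body -match '(?i)(FtpConnect|FtpDownloadFile)')
}

# Constructed sample: control embedded and its FTP methods invoked from script.
$suspicious = @"
<object classid="CLSID:44a8091f-8f01-43b7-8cf7-4bba71e61e04" id="pdf"></object>
<script>pdf.FtpConnect("host", "user", "pass"); pdf.FtpDownloadFile("a.pdf", "C:\Temp\a.pdf");</script>
"@

# Constructed sample: control embedded but only used to display a document.
$benignEmbed = @"
<object classid="clsid:44A8091F-8F01-43B7-8CF7-4BBA71E61E04" id="pdf"></object>
<script>pdf.LoadFile("brochure.pdf");</script>
"@

# Constructed sample: documentation page naming the method without the control.
$benignDocs = '<p>The FtpDownloadFile method saves a remote file to a local path.</p>'

"suspicious:   {0}" -f (Test-EDrawActiveXBody $suspicious)    # True
"benign embed: {0}" -f (Test-EDrawActiveXBody $benignEmbed)   # False
"benign docs:  {0}" -f (Test-EDrawActiveXBody $benignDocs)    # False
```

Note that the rule keys on the CLSID string in the clear; a page that assembles the identifier at runtime in script would not trip it, which is why the kill-bit remains the primary mitigation and the signature is a secondary detection.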

CVSS Base Score: 9.3
Risk factor: High
