Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
References
Configurations
History
No history.
Information
Published : 2007-11-05 19:46
Updated : 2024-02-28 11:01
NVD link : CVE-2007-5826
Mitre link : CVE-2007-5826
CVE.ORG link : CVE-2007-5826
JSON object : View
Products Affected
edraw
- flowchart_activex
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')