EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)

2010.04.23
Credit: Gjoko Krstic
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Title: EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)
Advisory ID: ZSL-2010-4936
Type: Local/Remote
Impact: DoS
Risk: (2/5)
Release Date: 22.04.2010

Summary

Do you want to learn how to draw? Now you can online! Learn how to draw like a local application with Edraw Flowchart ActiveX Control that lets you quickly build basic flowcharts, organizational charts, business charts, hr diagram, work flow, programming flowchart and network diagrams.

Description

The EDraw Flowchart ActiveX Control (EDImage.OCX) suffers from a denial of service vulnerability when a large number of bytes is passed to the OpenDocument() function, resulting in a browser crash and unspecified memory corruption.

--------------------------------------------------------------------------------
Report for Clsid: {F685AFD8-A5CC-410E-98E4-BAA1C559BA61}
RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: False
--------------------------------------------------------------------------------

Vendor

EdrawSoft - http://www.edrawsoft.com

Affected Version

2.3.0.6

Tested On

Microsoft Windows XP Professional Service Pack 3 (English)
Microsoft Internet Explorer 8.0.6001.18702

Vendor Status

N/A

PoC

edraw_ocx.vbs

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References
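One way to check a Windows host for the control named in the advisory's report and block it in Internet Explorer with a kill bit, as an added example that is not part of the advisory. The CLSID is the one from the report; the category IDs and the kill-bit registry key are the standard Windows/IE ones, and the `-SetKillBit` switch is a name chosen here.

```powershell
# Added example (not from the advisory). Read-only by default;
# -SetKillBit (hypothetical switch name) writes to HKLM and needs an elevated shell.
param(
    [string]$Clsid = '{F685AFD8-A5CC-410E-98E4-BAA1C559BA61}',  # CLSID from the advisory's report
    [switch]$SetKillBit
)

# Component category IDs that mark a control "safe for scripting" / "safe for initialization"
$CatSafeScript = '{7DD95801-9882-11CF-9FA9-00AA006C4AC4}'
$CatSafeInit   = '{7DD95802-9882-11CF-9FA9-00AA006C4AC4}'
$KillBit       = 0x400   # Compatibility Flags bit that stops IE from instantiating the control

# A 32-bit OCX on 64-bit Windows registers under WOW6432Node, so check both views
$views = @(
    @{ Name = 'native'; Root = 'HKLM:\SOFTWARE' },
    @{ Name = 'wow64';  Root = 'HKLM:\SOFTWARE\WOW6432Node' }
)

foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Root)) { continue }
    $clsKey  = Join-Path $v.Root "Classes\CLSID\$Clsid"
    $catKey  = Join-Path $clsKey 'Implemented Categories'
    $killKey = Join-Path $v.Root "Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    # Path of the registered server DLL/OCX, if the control is installed
    $server = (Get-ItemProperty -LiteralPath (Join-Path $clsKey 'InprocServer32') `
                   -ErrorAction SilentlyContinue).'(default)'
    $flags  = (Get-ItemProperty -LiteralPath $killKey -Name 'Compatibility Flags' `
                   -ErrorAction SilentlyContinue).'Compatibility Flags'

    if ($SetKillBit -and -not ($flags -band $KillBit)) {
        if (-not (Test-Path -LiteralPath $killKey)) { New-Item -Path $killKey -Force | Out-Null }
        $flags = ([int]$flags) -bor $KillBit   # keep any flags already present
        New-ItemProperty -LiteralPath $killKey -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $flags -Force | Out-Null
    }

    # One row per registry view, mirroring the fields of the advisory's report
    [pscustomobject]@{
        View          = $v.Name
        Registered    = Test-Path -LiteralPath $clsKey
        Server        = $server
        SafeForScript = Test-Path -LiteralPath (Join-Path $catKey $CatSafeScript)
        SafeForInit   = Test-Path -LiteralPath (Join-Path $catKey $CatSafeInit)
        KillBitSet    = [bool]($flags -band $KillBit)
    }
}
```

A row with `Registered` and `SafeForScript` both true and `KillBitSet` false means a web page can script the control in Internet Explorer on that host.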

