Summary
This host has the Edraw PDF Viewer ActiveX Control installed and is prone to an insecure method vulnerability.
Impact
An attacker may leverage this issue for code execution.
Impact Level: System/Application
Solution
Upgrade to Edraw PDF Viewer Component version 3.2.0.126: http://www.edrawsoft.com/pdfviewer.php
Workaround:
Set the killbit for the CLSID {44A8091F-8F01-43B7-8CF7-4BBA71E61E04} http://support.microsoft.com/kb/240797
Insight
- The flaw is in the 'PDFVIEWER.PDFViewerCtrl.1' ActiveX control in 'pdfviewer.ocx'. It can be exploited via a URL argument to the 'FtpConnect' method and a target filename argument to the 'FtpDownloadFile' method.
Affected
Edraw PDF Viewer Component versions prior to 3.2.0.126
Severity
Classification
- CVE: CVE-2009-2169
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C