CVE-2007-5257

EDraw Office Viewer Component < 5.3.220.1 - Stack-Based Buffer Overflow via FtpDownloadFile Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5257. PoCs published by shinnai.

AI-analyzed exploit summary This is a proof-of-concept exploit for a buffer overflow vulnerability in EDraw Office Viewer Component 5.3. The exploit triggers a stack-based buffer overflow via the 'FtpDownloadFile' method, potentially leading to remote code execution.

Description

Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmldoswindows

https://www.exploit-db.com/exploits/4474

View Code ZIP pw:eip

This is a proof-of-concept exploit for a buffer overflow vulnerability in EDraw Office Viewer Component 5.3. The exploit triggers a stack-based buffer overflow via the 'FtpDownloadFile' method, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: EDraw Office Viewer Component 5.3

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · EDraw Office Viewer Component 5.3 must be installed

MITRE ATT&CK