|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : Gjoko Krstic Added by : SecurityReason SecurityRisk : Medium  (About) Remote : Yes Local : No Status : Bug
Text : Title: EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE) Advisory ID: ZSL-2010-4936 Type: Local/Remote Impact: DoS Risk: (2/5) Release Date: 22.04.2010 Summary Do you want to learn how to draw? Now you can online! Learn how to draw like a local application with Edraw Flowchart ActiveX Control that lets you quickly build basic flowcharts, organizational charts, business charts, hr diagram, work flow, programming flowchart and network diagrams. Description EDraw Flowchart ActiveX Control EDImage.OCX suffers from a denial of service vulnerability when parsing large amount of bytes to the OpenDocument() function, resulting in browser crash and unspecified memory corruption. --------------------------------------------------------------------------- ----- Report for Clsid: {F685AFD8-A5CC-410E-98E4-BAA1C559BA61} RegKey Safe for Script: True RegKey Safe for Init: True Implements IObjectSafety: False --------------------------------------------------------------------------- ----- Vendor EdrawSoft - http://www.edrawsoft.com Affected Version 2.3.0.6 Tested On Microsoft Windows XP Professional Service Pack 3 (English) Microsoft Internet Explorer 8.0.6001.18702 Vendor Status N/A PoC edraw_ocx.vbs Credits Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk> References If you want change this note, please use UCP
|
||||||||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |