← back
CVE-2007-4420

CVE-2007-4420

EPSS 2.9%
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/4290unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/38794https://exchange.xforce.ibmcloud.com/vulnerabilities/36055https://www.exploit-db.com/exploits/4290http://www.ocxt.com/archives/39http://www.securityfocus.com/bid/25344