Signature Detail
Short Name |
HTTP:STC:DL:EDD-FILE-BOF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
EDraw Flowchart edd File Buffer Overflow |
Release Date |
2012/12/05 |
Update Number |
2208 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: EDraw Flowchart ".edd" File Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the EDraw Flowchart edd file. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected user.
Extended Description
The EDraw Flowchart ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
- EDraw Flowchart ActiveX Control 2.3.0.6
References
- BugTraq: 39642