This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.
The remote host contains the EDraw Office Viewer Component, an ActiveX
control for working with Microsoft Office documents.
The version of this control installed on the remote host contains a
buffer overflow that can be triggered by a long value for the first
argument of the 'HttpDownloadFileToTempDir' method. If an attacker
can trick a user on the affected host into visiting a specially
crafted web page, this method could be leveraged to execute
arbitrary code on the affected system subject to the user's
See also :
Upgrade to EDraw Office Viewer Component 5.3 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true