
EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)

Low
Advisory ID
ZSL-2010-4936
Release Date
22 April 2010
Vendor
Affected Version
2.3.0.6
CVE
N/A
Tested On
Microsoft Windows XP Professional Service Pack 3 (English), Microsoft Internet Explorer 8.0.6001.18702
Summary

Do you want to learn how to draw? Now you can online! Learn how to draw like a local application with Edraw Flowchart ActiveX Control that lets you quickly build basic flowcharts, organizational charts, business charts, hr diagram, work flow, programming flowchart and network diagrams.

Description

EDraw Flowchart ActiveX Control EDImage.OCX suffers from a denial of service vulnerability when a large amount of bytes is passed to the OpenDocument() function, resulting in a browser crash and unspecified memory corruption.

Report for Clsid: {F685AFD8-A5CC-410E-98E4-BAA1C559BA61}
RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: False
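Because the control is registered as safe for scripting and initialization, any page loaded in Internet Explorer can instantiate it. The following added example (not part of the original advisory) audits those registry markers for the CLSID above and can set the Internet Explorer kill bit for it. The kill bit is the standard IE mechanism, not a mitigation named by the advisory. The function names are hypothetical and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the advisory. CLSID is the one in the report above.
$Clsid         = '{F685AFD8-A5CC-410E-98E4-BAA1C559BA61}'
$CatSafeScript = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$CatSafeInit   = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing
$KillBit       = 0x400                                     # COMPAT_EVIL_DONT_LOAD
# 32-bit controls on 64-bit Windows register under WOW6432Node, so check both views.
$Views         = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

# Read the "Compatibility Flags" DWORD of a key; 0 if the key or value is absent.
function Get-CompatFlags {
    param([string]$Key)
    $p = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($p) { return $p.'Compatibility Flags' }
    return 0
}

# Report, per registry view, whether the control is registered, marked safe, and blocked.
function Get-ActiveXExposure {
    param([string]$Clsid)
    foreach ($view in $Views) {
        $cls  = "$view\Classes\CLSID\$Clsid"
        $comp = "$view\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
        [pscustomobject]@{
            View          = $view
            Registered    = Test-Path -LiteralPath $cls
            SafeForScript = Test-Path -LiteralPath "$cls\Implemented Categories\$CatSafeScript"
            SafeForInit   = Test-Path -LiteralPath "$cls\Implemented Categories\$CatSafeInit"
            KillBitSet    = ((Get-CompatFlags $comp) -band $KillBit) -ne 0
        }
    }
}

# Set the kill bit in every view that exists, preserving any other flags already set.
function Set-ActiveXKillBit {
    param([string]$Clsid)
    foreach ($view in $Views) {
        if (-not (Test-Path -LiteralPath "$view\Microsoft\Internet Explorer")) { continue }
        $comp = "$view\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
        if (-not (Test-Path -LiteralPath $comp)) { New-Item -Path $comp -Force | Out-Null }
        $flags = (Get-CompatFlags $comp) -bor $KillBit
        Set-ItemProperty -LiteralPath $comp -Name 'Compatibility Flags' -Value $flags -Type DWord
    }
}

Get-ActiveXExposure -Clsid $Clsid | Format-Table -AutoSize
# Set-ActiveXKillBit -Clsid $Clsid   # uncomment to block the control; requires elevation
```

A host where `Registered` and `SafeForScript` are True and `KillBitSet` is False will load the control from any web page in IE.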
Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
22.04.2010 - Initial release
23.04.2010 - Added reference [2], [3], [4], [5] and [6]