Vulnerability Details : CVE-2007-3168
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
Exploit prediction scoring system (EPSS) score for CVE-2007-3168
Probability of exploitation activity in the next 30 days: 9.99%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-3168
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:M/Au:N/C:N/I:P/A:C |
8.6
|
7.8
|
NIST |
References for CVE-2007-3168
-
http://moaxb.blogspot.com/2007/05/moaxb-28-edraw-office-viewer-component.html
-
https://www.exploit-db.com/exploits/4010
- http://www.vupen.com/english/advisories/2007/1992
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/34588
-
http://www.securityfocus.com/bid/24230
Exploit
- http://www.ocxt.com/archives/28
Products affected by CVE-2007-3168
- cpe:2.3:a:edraw:office_viewer_component:*:*:*:*:*:*:*:*
- cpe:2.3:a:edraw:office_viewer_component:4.0.5.20:*:*:*:*:*:*:*