CVE-2007-5826

Name of the Vulnerable Software and Affected Versions EDraw Flowchart ActiveX control in EDImage.ocx version 2.0.2005.1104

Description The issue allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method.

Recommendations For EDImage.ocx version 2.0.2005.1104, consider restricting access to the HttpDownloadFile method to minimize the risk of exploitation. As a temporary workaround, avoid using the HttpDownloadFile method with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.