CVE-2009-2169

Name of the Vulnerable Software and Affected Versions Edraw PDF Viewer Component versions prior to 3.2.0.126

Description The issue allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. This can be leveraged for code execution by writing to a Startup folder.

Recommendations For versions prior to 3.2.0.126, update to version 3.2.0.126 or later to resolve the issue. As a temporary workaround, consider restricting access to the FtpConnect and FtpDownloadFile methods until a patch is applied. Avoid using the FtpDownloadFile method with untrusted input until the issue is resolved.