Archive for April 22nd, 2010

Edrawsoft Security Advisories

EDraw Flowchart ActiveX Control 2.3 (.edd parsing) Remote Buffer Overflow PoC

– EDraw Flowchart ActiveX Control version 2.3 suffers from a buffer overflow vulnerability when parsing the .edd file format, resulting in an application crash and a few overwritten memory registers, which can aid an attacker in executing arbitrary code.

Details: http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2010-4935.php

——————————————–

EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)

– The EDraw Flowchart ActiveX Control EDImage.OCX suffers from a denial of service vulnerability when parsing a large amount of bytes passed to the OpenDocument() function, resulting in a browser crash and unspecified memory corruption.

Details: http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2010-4936.php

Olly