EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)

Title: EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)
Advisory ID: ZSL-2010-4936
Type: Local/Remote
Impact: DoS
Risk: (2/5)
Release Date: 22.04.2010
Summary
Do you want to learn how to draw? Now you can online! Learn how to draw like a local application with Edraw Flowchart ActiveX Control that lets you quickly build basic flowcharts, organizational charts, business charts, hr diagram, work flow, programming flowchart and network diagrams.
Description
EDraw Flowchart ActiveX Control EDImage.OCX suffers from a denial of service vulnerability when parsing large amount of bytes to the OpenDocument() function, resulting in browser crash and unspecified memory corruption.

--------------------------------------------------------------------------------

Report for Clsid: {F685AFD8-A5CC-410E-98E4-BAA1C559BA61}
RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: False

--------------------------------------------------------------------------------

Vendor
EdrawSoft - http://www.edrawsoft.com
Affected Version
2.3.0.6
Tested On
Microsoft Windows XP Professional Service Pack 3 (English)
Microsoft Internet Explorer 8.0.6001.18702
Vendor Status
N/A
PoC
edraw_ocx.vbs
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/12341
[2] http://securityreason.com/wlb_show/WLB-2010040149
[3] http://www.securityfocus.com/bid/39641
[4] http://www.packetstormsecurity.org/filedesc/edraw23-dos.txt.html
[5] http://www.juniper.net/security/auto/vulnerabilities/vuln39641.html
[6] http://www.vfocus.net/art/20100423/7008.html
Changelog
[22.04.2010] - Initial release
[23.04.2010] - Added reference [2], [3], [4], [5] and [6]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk