EDraw Office Viewer Component ActiveX control version 188.8.131.52 contains a vulnerability that could allow an unauthenticated, remote attacker to delete files from an affected system with the privileges of the user.
This vulnerability exists due to the allowance of unsafe methods within the affected ActiveX control. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a malicious web site. By using the unsafe method as part of the malicious web site, the attacker could delete arbitrary files from the affected system with the privileges of the user who launched the browser application.
Exploit code is publicly available.
EDraw has not confirmed this vulnerability and no software updates are available.