CVE-2009-2169

N/A Unknown
Published: June 22, 2009 Modified: April 23, 2026
View on NVD

Description

Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html
Source: cve@mitre.org
Exploit
http://secunia.com/advisories/35509
Source: cve@mitre.org
Vendor Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://secunia.com/advisories/35509
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
3.1%
87th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-94

Affected Vendors

edraw

Related CVEs

CVE-2026-7041 3.7
CVE-2026-7039 7.8
CVE-2026-7038 3.3
CVE-2026-7037 9.8
CVE-2026-7036 7.3