Vulnerability CVE-2008-4453


Published: 2008-10-06   Modified: 2012-02-12

Description:
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allow remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

See advisories in our WLB2 database:
Topic: [High] GdPicture Pro ActiveX (gdpicture4s.ocx) File Overwrite / Exec Exploit
Author: EgiX
Date: 08.10.2008

Type: CWE-264 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete
Affected software
Dspicture -> Light imaging toolkit 
Dspicture -> Pro imaging sdk 

 References:
http://www.securityfocus.com/bid/31504
http://xforce.iss.net/xforce/xfdb/45536
http://www.vupen.com/english/advisories/2008/2708
http://www.milw0rm.com/exploits/6638
http://securityreason.com/securityalert/4355
http://secunia.com/advisories/31966
http://secunia.com/advisories/31898
