CVE-2008-4453 Information
Description
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create overwrite and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
Reference
http://secunia.com/advisories/31898 http://secunia.com/advisories/31966 http://securityreason.com/securityalert/4355 http://www.securityfocus.com/bid/31504 http://www.vupen.com/english/advisories/2008/2708 https://exchange.xforce.ibmcloud.com/vulnerabilities/45536 https://www.exploit-db.com/exploits/6638
Share on: