Published: 06/10/2008 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote malicious users to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dspicture light imaging toolkit 4.7.1
dspicture pro imaging sdk 5.7.1

<!-- --------------------------------------------------------------------------------- GdPicture Pro ActiveX (gdpicture4socx) Remote File Overwrite / Execution Exploit --------------------------------------------------------------------------------- author: EgiX mail: n0b0d13s[at]gmail[dot]com link: wwwgdpicture ...

CWE-264 http://www.securityfocus.com/bid/31504 http://secunia.com/advisories/31966 http://secunia.com/advisories/31898 http://securityreason.com/securityalert/4355 http://www.vupen.com/english/advisories/2008/2708 https://exchange.xforce.ibmcloud.com/vulnerabilities/45536 https://www.exploit-db.com/exploits/6638 https://nvd.nist.gov https://www.exploit-db.com/exploits/6638/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-4453

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect