CVE-2008-4453

Sažetak

The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Reference

http://secunia.com/advisories/31898
http://secunia.com/advisories/31966
http://securityreason.com/securityalert/4355
http://www.securityfocus.com/bid/31504
http://www.vupen.com/english/advisories/2008/2708
https://exchange.xforce.ibmcloud.com/vulnerabilities/45536
https://www.exploit-db.com/exploits/6638

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:32

Objavljeno

06-10-2008 - 23:25