CVE Vulnerability

CVE-2008-4453

The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securityfocus.com/bid/31504 Exploit Patch
http://secunia.com/advisories/31966 Vendor Advisory
http://secunia.com/advisories/31898 Vendor Advisory
http://securityreason.com/securityalert/4355
http://www.vupen.com/english/advisories/2008/2708
https://exchange.xforce.ibmcloud.com/vulnerabilities/45536
https://www.exploit-db.com/exploits/6638
Configurations

Configuration 1

cpe:2.3:a:dspicture:light_imaging_toolkit:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:dspicture:pro_imaging_sdk:5.7.1:*:*:*:*:*:*:*
Information

Published : 2008-10-06 11:25

Updated : 2017-09-29 01:32

NVD link : CVE-2008-4453

Mitre link : CVE-2008-4453

Products Affected
No products.
CWE
CWE-264