Remote code execution

2008-10-0623:25:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.18 Low

EPSS

Percentile

96.2%

JSON

The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
light_imaging_toolkiteq4.7.1
pro_imaging_sdkeq5.7.1

CPE	Name	Operator	Version
	light_imaging_toolkit	eq	4.7.1
	pro_imaging_sdk	eq	5.7.1

References

secunia.com/advisories/31898

secunia.com/advisories/31966

securityreason.com/securityalert/4355

www.securityfocus.com/bid/31504

www.vupen.com/english/advisories/2008/2708

exchange.xforce.ibmcloud.com/vulnerabilities/45536

www.exploit-db.com/exploits/6638