GdPicture Multiple ActiveX Control SaveAsPDF Method Arbitrary File Overwrite

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that allows overwriting
arbitrary files.

Description :

The remote host contains the GdPicturePro5S.Imaging or
GdPicture4S.Imaging ActiveX control, which is used to manipulate
images in a variety of formats.

The version of the control installed on the remote host reportedly
fails to validate input to the 'sFilePath' argument of the 'SaveAsPDF'
method. If an attacker can trick a user on the affected host into
viewing a specially crafted HTML document, this method could be used
to create or overwrite arbitrary files on the affected system subject
to the user's privileges, which could in turn lead to execution of
arbitrary code.

See also :

http://www.nessus.org/u?b0052882
http://www.forums.gdpicture.com/post3101.html#p3101

Solution :

Upgrade to GdPicture Light Imaging Toolkit 4.7.2 (with version 4.7.0.2
of the control) / GdPicture Pro Imaging SDK 5.7.2 (with version
5.7.0.2 of the control) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 34348 (gdpicture_imaging_activex_saveaspdf_unsafe.nasl)

Bugtraq ID: 31504

CVE ID: CVE-2008-4453

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now