GdPicture Multiple ActiveX Control SaveAsPDF Method Arbitrary File Overwrite
High Nessus Plugin ID 34348
Synopsis
The remote Windows host has an ActiveX control that allows overwriting arbitrary files.

Description
The remote host contains the GdPicturePro5S.Imaging or GdPicture4S.Imaging ActiveX control, which is used to manipulate images in a variety of formats.
The version of the control installed on the remote host reportedly fails to validate input to the 'sFilePath' argument of the 'SaveAsPDF' method. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, this method could be used to create or overwrite arbitrary files on the affected system subject to the user's privileges, which could in turn lead to execution of arbitrary code.
Solution
Upgrade to GdPicture Light Imaging Toolkit 4.7.2 (with version 220.127.116.11 of the control) / GdPicture Pro Imaging SDK 5.7.2 (with version 18.104.22.168 of the control) or later.
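A defender-side inventory check, added here as an example and not part of the Nessus plugin or of GdPicture: it resolves the two ProgIDs named above to their CLSIDs, reports the registered DLL and its file version (to compare against the fixed version in the Solution), and shows whether the Internet Explorer kill bit is set for each control. The registry locations and the 0x400 Compatibility Flags value are standard ActiveX registration and kill-bit conventions; the Wow6432Node lookup is an assumption for 32-bit controls on 64-bit Windows.

```powershell
# Added example (not from the Nessus plugin): inventory the GdPicture ActiveX
# controls named in the advisory and report DLL, version and kill-bit status.
# Assumes the control is registered under HKEY_CLASSES_ROOT; a 32-bit control on
# 64-bit Windows may instead be registered under Wow6432Node.
$progIds = @('GdPicturePro5S.Imaging', 'GdPicture4S.Imaging')
$killBit = 0x400   # Compatibility Flags bit that blocks the control in IE

function Get-ActiveXStatus {
    param([string]$ProgId)
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path $clsidKey)) {
        return [pscustomobject]@{ ProgId = $ProgId; Installed = $false }
    }
    $clsid = (Get-ItemProperty -Path $clsidKey).'(default)'

    # The InprocServer32 default value is the path of the DLL implementing the control
    $serverKeys = @("Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32",
                    "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid\InprocServer32")
    $dll = $null
    foreach ($k in $serverKeys) {
        if (Test-Path $k) { $dll = (Get-ItemProperty -Path $k).'(default)'; break }
    }
    $version = $null
    if ($dll -and (Test-Path $dll)) {
        $version = (Get-Item $dll).VersionInfo.FileVersion
    }

    # Kill bit: Compatibility Flags with 0x400 set prevents IE from instantiating the CLSID
    $compatKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
    $flags = 0
    if (Test-Path $compatKey) {
        $flags = [int](Get-ItemProperty -Path $compatKey).'Compatibility Flags'
    }

    [pscustomobject]@{
        ProgId     = $ProgId
        Installed  = $true
        CLSID      = $clsid
        Dll        = $dll
        Version    = $version
        KillBitSet = (($flags -band $killBit) -ne 0)
    }
}

$progIds | ForEach-Object { Get-ActiveXStatus -ProgId $_ } | Format-List
```

A control that is installed, below the fixed version, and reported with KillBitSet = False is exposed through Internet Explorer until it is upgraded or the kill bit is set.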