CVE-2008-4453 - OpenCVE

The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dspicture	Light Imaging Toolkit Pro Imaging Sdk

Configuration 1 [-]

OR	cpe:2.3:a:dspicture:light_imaging_toolkit:4.7.1:::::::*
	cpe:2.3:a:dspicture:pro_imaging_sdk:5.7.1:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/31898
http://secunia.com/advisories/31966
http://securityreason.com/securityalert/4355
http://www.securityfocus.com/bid/31504
http://www.vupen.com/english/advisories/2008/2708
https://exchange.xforce.ibmcloud.com/vulnerabilities/45536
https://www.exploit-db.com/exploits/6638

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-06T23:00:00

Updated: 2024-08-07T10:17:09.715Z

Reserved: 2008-10-06T00:00:00

Link: CVE-2008-4453

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-10-06T23:25:50.630

Modified: 2017-09-29T01:32:09.663

Link: CVE-2008-4453

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-30T00:00:00", "descriptions": [{"lang": "en", "value": "The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-2708", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2708"}, {"name": "31966", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31966"}, {"name": "31504", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31504"}, {"name": "gdpicture-saveaspdf-file-overwrite(45536)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45536"}, {"name": "31898", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31898"}, {"name": "4355", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4355"}, {"name": "6638", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6638"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4453", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-2708", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2708"}, {"name": "31966", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31966"}, {"name": "31504", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31504"}, {"name": "gdpicture-saveaspdf-file-overwrite(45536)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45536"}, {"name": "31898", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31898"}, {"name": "4355", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4355"}, {"name": "6638", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6638"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:17:09.715Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-2708", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2708"}, {"name": "31966", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31966"}, {"name": "31504", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31504"}, {"name": "gdpicture-saveaspdf-file-overwrite(45536)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45536"}, {"name": "31898", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31898"}, {"name": "4355", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4355"}, {"name": "6638", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6638"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4453", "datePublished": "2008-10-06T23:00:00", "dateReserved": "2008-10-06T00:00:00", "dateUpdated": "2024-08-07T10:17:09.715Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dspicture:light_imaging_toolkit:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F1964B5-07E8-45FC-81F8-4CD8E1B7997D", "vulnerable": true}, {"criteria": "cpe:2.3:a:dspicture:pro_imaging_sdk:5.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AFEEF1B7-53C6-488D-94C8-C087F440CD37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Los controles ActiveX GdPicture GdPicture4S.Imaging (gdpicture4s.ocx) 4.7.0.1 de Luz Imaging Toolkit 4.7.1 y GdPicturePro5S.Imaging (gdpicturepro5s.ocx) 5.7.0.1 de Pro Imaging SDK 5.7.1 permiten a atacantes remotos crear, sobrescribir, y modificar archivos arbitrarios a trav\u00e9s del m\u00e9todo SaveAsPDF. \r\nNOTA: Este problema s\u00f3lo podr\u00eda ser explotado en entornos limitados o con configuraciones del navegador diferentes a la que viene por defecto. \r\nNOTA: Esto puede ser aprovechado para la ejecuci\u00f3n de c\u00f3digo remoto mediante el acceso a los ficheros utilizando URLs hcp://.\r\nNOTA: Algunos de estos detalles se obtienen a partir de informaci\u00f3n de terceros."}], "id": "CVE-2008-4453", "lastModified": "2017-09-29T01:32:09.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-10-06T23:25:50.630", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31898"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31966"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4355"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/31504"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2708"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45536"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6638"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}