Marco Torti

**Name of the Vulnerable Software and Affected Versions** VISAGESOFT eXPert PDF EditorX version 1.0.200.0 **Description** The issue concerns an insecure method in the VSPDFEditorX.VSPDFEdit ActiveX control, which allows remote attackers to create or overwrite arbitrary files. This is achieved by exploiting the `extractPagesToFile` method, specifically through its first argument. **Recommendations** For version 1.0.200.0, consider disabling the `extractPagesToFile` method as a temporary workaround until a patch is available. Restrict access to the VSPDFEditorX.VSPDFEdit ActiveX control to minimize the risk of exploitation. Avoid using the first argument in the `extractPagesToFile` method in the affected ActiveX control until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** VISAGESOFT eXPert PDF Viewer X ActiveX control version 3.0.990.0 **Description** The issue allows remote attackers to overwrite arbitrary files by providing a full pathname to the `savePageAsBitmap` method. This method is part of the VSPDFViewerX.ocx ActiveX control. **Recommendations** For version 3.0.990.0, consider disabling the `savePageAsBitmap` method until a patch is available to prevent remote attackers from overwriting arbitrary files.