PT-2008-5687 · Orpalis · GdPicturePro5S.Imaging ActiveX Control

Egix · Published 2008-10-06 · Updated 2017-09-29 · CVE-2008-4453

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: GdPicture Light Imaging Toolkit version 4.7.1; GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) version 4.7.0.1; Pro Imaging SDK version 5.7.1; GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) version 5.7.0.1
Description: The issue allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. This can be leveraged for remote code execution by accessing files using hcp:// URLs. It might only be exploitable in limited environments or non-default browser settings.
Recommendations: For GdPicture Light Imaging Toolkit version 4.7.1, consider disabling the SaveAsPDF method until a patch is available. For GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) version 4.7.0.1, restrict access to the control to minimize the risk of exploitation. For Pro Imaging SDK version 5.7.1, avoid using the SaveAsPDF method in the affected ActiveX control until the issue is resolved. For GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) version 5.7.0.1, consider restricting the use of the control to prevent remote code execution.

Related Identifiers

CVE-2008-4453

Affected Products

GdPicture Light Imaging Toolkit
GdPicture4S.Imaging ActiveX Control
GdPicturePro5S.Imaging ActiveX Control
Pro Imaging SDK