PT-2008-6099 · Aztec · Azteclib.Mw6Aztec
Deltahackingteam · Published 2008-11-04 · Updated 2017-09-29 · CVE-2008-4923
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
AZTECLib.MW6Aztec version 3.0.0.1
Description
The issue concerns insecure methods in the Aztec ActiveX control that allow remote attackers to overwrite arbitrary files. This is achieved by providing a full pathname argument to the SaveAsBMP and SaveAsWMF methods.
Recommendations
For version 3.0.0.1, consider disabling the SaveAsBMP and SaveAsWMF methods until a patch is available to prevent remote attackers from overwriting arbitrary files. Restrict access to the Aztec.dll module to minimize the risk of exploitation. Avoid using full pathnames as arguments to these methods in the affected API endpoints until the issue is resolved.
Affected products
Azteclib.Mw6Aztec