CVE-2008-4926

Name of the Vulnerable Software and Affected Versions MW6PDF417Lib.PDF417 version 3.0.0.1

Description The issue concerns insecure methods in the MW6 Technologies PDF417 ActiveX control, allowing remote attackers to overwrite arbitrary files. This is achieved by providing a full pathname argument to the SaveAsBMP and SaveAsWMF methods.

Recommendations For version 3.0.0.1, consider disabling the SaveAsBMP and SaveAsWMF methods until a patch is available to prevent remote attackers from overwriting arbitrary files. Restrict access to the MW6PDF417.dll library to minimize the risk of exploitation. Avoid using the full pathname argument in the affected methods until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.