PT-2009-1966 · Visagesoft · Visagesoft Expert Pdf Editorx
Marco Torti · Published 2009-03-20 · Updated 2017-09-29 · CVE-2008-6496
CVSS v2.0: 8.8 High
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VISAGESOFT eXPert PDF EditorX version 1.0.200.0
Description
The issue concerns an insecure method in the VSPDFEditorX.VSPDFEdit ActiveX control, which allows remote attackers to create or overwrite arbitrary files. This is achieved by exploiting the extractPagesToFile method, specifically through its first argument.
Recommendations
For version 1.0.200.0, consider disabling the extractPagesToFile method as a temporary workaround until a patch is available. Restrict access to the VSPDFEditorX.VSPDFEdit ActiveX control to minimize the risk of exploitation. Avoid using the first argument in the extractPagesToFile method in the affected ActiveX control until the issue is resolved.
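One way to restrict access to the control, shown as an added example that is not part of the advisory or vendor guidance: set the Internet Explorer kill bit (Compatibility Flags 0x400) for the control. Assumptions: the control is registered under the ProgID named above, its CLSID (not listed in the advisory) is read from the local registry, and the script runs elevated. The kill bit only stops hosts that honor it, such as Internet Explorer.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Sets the IE kill bit for whatever CLSID
# this machine maps to the ProgID named in the advisory.

$ProgId  = 'VSPDFEditorX.VSPDFEdit'   # ProgID from the advisory
$KillBit = 0x400                      # kill bit: do not instantiate in Internet Explorer

# Check both registry views: the control may be registered as 32-bit on 64-bit Windows.
$views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node' |
    Where-Object { Test-Path -Path $_ }

# Resolve ProgID -> CLSID from the local registration.
$clsids = foreach ($view in $views) {
    $key = "$view\Classes\$ProgId\CLSID"
    if (Test-Path -Path $key) { (Get-Item -Path $key).GetValue('') }
}
$clsids = @($clsids |
    Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' } |
    Sort-Object -Unique)

if (-not $clsids) {
    Write-Output "No registration found for $ProgId; nothing to block."
    return
}

foreach ($clsid in $clsids) {
    foreach ($view in $views) {
        $compat = "$view\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
        if (-not (Test-Path -Path $compat)) {
            New-Item -Path $compat -Force | Out-Null
        }
        # Keep any flags already present and OR in the kill bit.
        $current = (Get-ItemProperty -Path $compat -Name 'Compatibility Flags' `
            -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$current) -bor $KillBit
        Set-ItemProperty -Path $compat -Name 'Compatibility Flags' -Value $new -Type DWord
        Write-Output ("{0}: Compatibility Flags = 0x{1:X}" -f $compat, $new)
    }
}
```

Re-running the script is safe: it reports the resulting flag value for each registry view it touched, which can be used to confirm the setting across a fleet.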
Affected Products
Visagesoft Expert Pdf Editorx