Vulnerability on SaveAsPDF() method Fixed

ChangeLogs, news, and special event announcements.
Locked
User avatar
Loïc
Site Admin
Posts: 5586
Joined: Tue Oct 17, 2006 10:48 pm
Location: France
Contact:

Vulnerability on SaveAsPDF() method Fixed

Post by Loïc » Sat Oct 04, 2008 12:52 pm

To all GdPicture Toolkits users:

On 1 October 2008, a vulnerability has been identified in some GdPicture Toolkits, which could be exploited by remote attackers to take complete control of an affected system. This issue is caused by GdPicture ActiveX controls including the SaveAsPDF() method which could be exploited by attackers to create malicious files on a vulnerable system and execute arbitrary code by tricking a user into visiting a specially crafted web page.

This error has been fixed the 2 October 2008.

The GdPicture Toolkits which included this vulnerability are:

- GdPicture Light Imaging Toolkit
- GdPicture Pro Imaging SDK
- GdTwain ActiveX
- GdTwain Pro SDK



Fixed edition of these Toolkits can be download for free from this link: http://www.gdpicture.com/softwares.php


More informations about this vulnerability from:

http://www.frsirt.com/english/advisories/2008/2708
http://secunia.com/advisories/31966/
http://www.securityfocus.com/bid/31504
http://governmentsecurity.org/forum/ind ... e=threaded
http://www.f-secure.com/vulnerabilities/en/SA31898


Best regards,

Loïc Carrère

Locked

Who is online

Users browsing this forum: No registered users and 2 guests