Page 1 of 1

Vulnerability on SaveAsPDF() method Fixed

Posted: Sat Oct 04, 2008 12:52 pm
by Loïc
To all GdPicture Toolkits users:

On 1 October 2008, a vulnerability has been identified in some GdPicture Toolkits, which could be exploited by remote attackers to take complete control of an affected system. This issue is caused by GdPicture ActiveX controls including the SaveAsPDF() method which could be exploited by attackers to create malicious files on a vulnerable system and execute arbitrary code by tricking a user into visiting a specially crafted web page.

This error has been fixed the 2 October 2008.

The GdPicture Toolkits which included this vulnerability are:

- GdPicture Light Imaging Toolkit
- GdPicture Pro Imaging SDK
- GdTwain ActiveX
- GdTwain Pro SDK



Fixed edition of these Toolkits can be download for free from this link: http://www.gdpicture.com/softwares.php


More informations about this vulnerability from:

http://www.frsirt.com/english/advisories/2008/2708
http://secunia.com/advisories/31966/
http://www.securityfocus.com/bid/31504
http://governmentsecurity.org/forum/ind ... e=threaded
http://www.f-secure.com/vulnerabilities/en/SA31898


Best regards,

Loïc Carrère