CVE-2008-4453

Dspicture Light Imaging Toolkit - Access Control

Title source: rule

Description

The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · htmlremotewindows

https://www.exploit-db.com/exploits/6638

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/31966

[Exploit, Patch] http://www.securityfocus.com/bid/31504

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45536

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2708

[Vendor Advisory] http://secunia.com/advisories/31898

[Third Party Advisory] http://securityreason.com/securityalert/4355

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6638

Scores

EPSS 0.0964

EPSS Percentile 92.9%

Details

CWE

CWE-264

Status published

Products (2)

dspicture/light_imaging_toolkit 4.7.1

dspicture/pro_imaging_sdk 5.7.1

Published Oct 06, 2008

Tracked Since Feb 18, 2026