CVE-2008-4453

GdPicture Light Imaging Toolkit and Pro Imaging SDK - Arbitrary File Write via SaveAsPDF Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4453. PoCs published by EgiX.

AI-analyzed exploit summary This exploit leverages the GdPicture Pro ActiveX control (gdpicture4s.ocx) to overwrite a file and execute arbitrary commands via the SaveAsPDF method. It injects HTML code with a malicious object tag to achieve remote code execution.

Description

The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · htmlremotewindows

https://www.exploit-db.com/exploits/6638

View Code ZIP pw:eip

This exploit leverages the GdPicture Pro ActiveX control (gdpicture4s.ocx) to overwrite a file and execute arbitrary commands via the SaveAsPDF method. It injects HTML code with a malicious object tag to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GdPicture Pro ActiveX (gdpicture4s.ocx)

No auth needed

Prerequisites: Victim must visit a malicious webpage · ActiveX control must be installed and enabled

MITRE ATT&CK