CVE-2008-6496

Visagesoft Expert Pdf Editorx - Access Control

Title source: rule

Description

Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marco Torti · htmldoswindows

https://www.exploit-db.com/exploits/7358

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7358

[Vendor Advisory] http://secunia.com/advisories/32990

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47166

[Exploit] http://www.securityfocus.com/bid/32664

Scores

EPSS 0.0456

EPSS Percentile 89.2%

Details

CWE

CWE-264

Status published

Products (1)

visagesoft/expert_pdf_editorx 1.0.200.0

Published Mar 20, 2009

Tracked Since Feb 18, 2026