F-Secure
Tools
PDFBuilderX ActiveX Control "SaveToFile()" Arbitrary File Overwrite
| Report ID: | SA200900348 |
| Source: | Unknown |
| Date of Discovery: | 15.01.2009 |
| Criticality: | Urgent |
| Affects: | PDFBuilderX 2.x |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
A vulnerability in PDFBuilderX, which can be exploited by malicious people to compromise a user's system.
Detailed Description
The vulnerability is caused due to the PDFBuilderXTrial.PDFDoc ActiveX control (PDFBuilderXTrial.ocx) providing the insecure "SaveToFile()" method. This can be exploited to overwrite arbitrary files on the system in the context of the currently logged-on user.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in PDFBuilderXTrial.ocx version 2.2.0.1. Other versions may also be affected.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in PDFBuilderXTrial.ocx version 2.2.0.1. Other versions may also be affected.
Solution
Set the kill-bit for the affected ActiveX control.