GdPicture Light Imaging Toolkit ActiveX Control "SaveAsPDF()" Insecure Method

Report ID: SA31898
Source: Secunia
Date of Discovery: 01.10.2008
Criticality: Urgent
Affects:
GdPicture Light Imaging Toolkit 4.x

Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability has been discovered in GdPicture Light Imaging Toolkit, which can potentially be exploited by malicious people to compromise a user's system.

Detailed Description

A vulnerability has been discovered in GdPicture Light Imaging Toolkit, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused by the GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx), which includes the insecure "SaveAsPDF()" method. This can be exploited to overwrite arbitrary files on the system in the context of the currently logged-on user.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in gdpicture4s.ocx version 4.7.0.1 included in GdPicture Light Imaging Toolkit version 4.7.1. Other versions may also be affected.

Solution

Set the kill-bit for the affected ActiveX control.
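
One way to apply this mitigation, as an added example that is not part of the Secunia advisory: the advisory does not list the control's CLSID, so this PowerShell script assumes the control is registered on the machine and resolves the CLSID from the ProgID `GdPicture4S.Imaging`, then sets the kill bit (Compatibility Flags value 0x400) in both the native and 32-bit registry views.

```powershell
# Added example: set the Internet Explorer kill bit for the control in this advisory.
# Run from an elevated PowerShell prompt.
$progId  = 'GdPicture4S.Imaging'   # ProgID named in the advisory
$killBit = 0x400                   # kill-bit value for "Compatibility Flags"

# Resolve the CLSID from the ProgID registration (assumes the control is installed).
$progIdKey = "Registry::HKEY_CLASSES_ROOT\$progId\CLSID"
if (-not (Test-Path $progIdKey)) {
    throw "ProgID '$progId' is not registered here; obtain the CLSID another way."
}
$clsid = (Get-Item -Path $progIdKey).GetValue('')

# Refuse to write anything that is not a well-formed CLSID.
if ($clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "Unexpected CLSID value: '$clsid'"
}

# The 32-bit view matters on 64-bit Windows, where a 32-bit browser loads the OCX.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }   # WOW6432Node is absent on 32-bit Windows

    $key = Join-Path $root $clsid
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve any flags already set and OR in the kill bit.
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$current) -bor $killBit
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord

    # Read the value back so the change is verified, not assumed.
    $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    if (($check -band $killBit) -eq 0) {
        throw "Kill bit not set under $key"
    }
    '{0} -> Compatibility Flags = 0x{1:X8}' -f $key, $check
}
```

The kill bit only stops Internet Explorer and other hosts that honour it from instantiating the control; gdpicture4s.ocx itself remains on disk and unchanged.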