Unrated severityNVD Advisory· Published Oct 6, 2008· Updated Apr 23, 2026

CVE-2008-4453

Description

The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Affected products

Dspicture/Light Imaging Toolkit
cpe:2.3:a:dspicture:light_imaging_toolkit:4.7.1:*:*:*:*:*:*:*
Dspicture/Pro Imaging Sdk
cpe:2.3:a:dspicture:pro_imaging_sdk:5.7.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/31504nvdExploitPatch
secunia.com/advisories/31898nvdVendor Advisory
secunia.com/advisories/31966nvdVendor Advisory
securityreason.com/securityalert/4355nvd
www.vupen.com/english/advisories/2008/2708nvd
exchange.xforce.ibmcloud.com/vulnerabilities/45536nvd
www.exploit-db.com/exploits/6638nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000