HTTP: Visagesoft eXPert PDF Viewer Unsafe ActiveX

This signature detects attempts to use unsafe ActiveX controls in Visagesoft eXPert. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.

Affected Products

Visagesoft expert_pdf_editorx

References

BugTraq: 32664 31984

CVE: CVE-2008-4919

Short Name
HTTP:STC:ACTIVEX:VISAGESFT-PDF
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2008-4919 CVE-2008-6496 PDF Unsafe Viewer Visagesoft bid:31984 bid:32664 eXPert
Release Date
06/14/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Visagesoft

CVSS Score

8.8

Found a potential security threat?