1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Pegasus ThumbnailXpress ActiveX File Delete

HTTP Pegasus ThumbnailXpress ActiveX File Delete

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a file delete vulnerability by passing special arguments into a method of Pegasus Imaging ThumbnailXpress ActiveX control.

Additional Information

Pegasus Imaging ThumbnailXpress is an ActiveX control to display and interact with image files.

The ActiveX control is prone to an arbitrary file-delete vulnerability.

This issue affects the 'CacheFile' variable of the ActiveX control with CLSID: F3379712-5D3C-4F57-92D9-09AC0657719A. When a filename is assigned to this variable, it will be deleted by the ActiveX control.

An attacker can exploit this issue to delete arbitrary files on the affected computer. Successful attacks can result in denial-of-service conditions.

Pegasus Imaging ThumbnailXpress version 1.0 is vulnerable to this issue; other versions may also be affected.

Affected

  • Pegasus Imaging Corporation. ThumbnailXpress 1.0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube