ChartDirector Support - View Thread 1245230926

ChartDirector Support

Forum Home

Search

Message List Post Message

[Jun-17-2009 17:28] Security Problem (Noah)
- [Jun-18-2009 00:30] Re: Security Problem (Peter Kwan)
  - [Jun-22-2009 14:07] Re: Security Problem (Andreas)
    - [Jun-22-2009 23:01] Re: Security Problem (Peter Kwan)

Security Problem

Posted by Noah on Jun-17-2009 17:28

Hello,

i have an security problem here. The Image for a chart is called by for example http:\\whatever.com\chart.aspx?report=123&chart_wcv=jhsdfkjhsdf&cacheid=kjsfhdkljh

If you use "c:\windows\win.ini" as cacheid, the file is sent to browser. And every other file too.

I test it on several systems, xp, server 2003, on one xp it works, on another xp it does not. The same for win2003.

Is there any option to stop this, or a bugfix??

Thank you.

Re: Security Problem
Posted by Peter Kwan on Jun-18-2009 00:30	\| Reply \| Monitor
Hi Noah, I confirm this is in fact a bug in ChartDirector. We will fix it urgently. I will update this thread when the patch is available (should be within 24 hours). Regards Peter Kwan

Re: Security Problem
Posted by Andreas on Jun-22-2009 14:07	\| Reply \| Monitor
What about the Bugfix ?

Re: Security Problem
Posted by Peter Kwan on Jun-22-2009 23:01	\| Reply \| Monitor
Hi Andreas, Sorry. I forgot to update this thread. The patch is available at: http://www.advsofteng.com/netchartdir501p2.zip It contains both the signed and unsigned version of the ChartDirector assembly. Please use it to replace your existing "netchartdir.dll". Hope this can help. Regards Peter Kwan

Re: Security Problem
Posted by Andreas on Jun-23-2009 16:17	\| Reply \| Monitor
Now i have another problem... our license seems to be out dated for the 5.0.1.2 Our old version was licensed for the version 4.1.0.0. How can we solve this problem ? I already wrote a workaround bugfix for this security issue, but a bug free chartdirector version world be nice too... greets Andreas

Re: Security Problem
Posted by Glen on Sep-15-2009 23:40	\| Reply \| Monitor
Is this bug existing in the .NET version 4 of ChartDirector as well?

Re: Security Problem
Posted by Peter Kwan on Sep-16-2009 01:03	\| Reply \| Monitor
Hi Glen, Yes. It exists in ChartDirector Ver 4 as well. We have just announced ChartDirector Ver 5.0.2, which fixes this problem. Please kindly download the latest version of ChartDirector for .NET from our web site to replace your existing version. Hope this can help. Regards Peter Kwan