Intrusion Prevention

WordPress.Plugin.GDE.Arbitrary.File.Disclosure

Description

This indicates an attack attempt to exploit an Arbitrary File Disclosure vulnerability in the Google Document Embedder plugin for WordPress.
The issue is caused by a lack of sanitization of the "file" parameter that is passed to "libs/pdf.php". It may allow remote attackers to browse arbitrary files by sending a crafted GET request to a vulnerable system.
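
For defenders reviewing web server logs, the following added example (not part of the original advisory and not the signature's own logic) flags GET requests to "libs/pdf.php" whose decoded "file" parameter points outside the intended directory. The heuristics, the plugin install path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %252e%252e cannot hide '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Heuristic reasons a 'file' value points outside the intended directory."""
    reasons = []
    if ".." in re.split(r"[\\/]", value):
        reasons.append("traversal")
    if value.startswith(("/", "\\")) or re.match(r"[A-Za-z]:", value):
        reasons.append("absolute path")
    if "\x00" in value:
        reasons.append("null byte")
    return reasons

def check_request(log_line):
    """Return (decoded file value, reasons) for a suspicious request, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not unquote(url.path).lower().endswith("/libs/pdf.php"):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("file", []):
        value = fully_decode(raw)
        reasons = classify(value)
        if reasons:
            return value, reasons
    return None

# Constructed sample log lines (addresses, paths and file names are made up).
PLUGIN = "/wp-content/plugins/google-document-embedder/libs/pdf.php"  # assumed install path
STAMP = '203.0.113.7 - - [01/Jan/2013:10:00:00 +0000]'
SAMPLE_LOG = [
    f'{STAMP} "GET {PLUGIN}?file=..%2F..%2Fexample.conf HTTP/1.1" 200 512',
    f'{STAMP} "GET {PLUGIN}?file=%252e%252e%252fexample.conf HTTP/1.1" 200 512',
    f'{STAMP} "GET {PLUGIN}?file=%2Fexample%2Fabsolute.txt HTTP/1.1" 200 512',
    f'{STAMP} "GET {PLUGIN}?file=report.pdf HTTP/1.1" 200 2048',
    f'{STAMP} "GET /index.php?file=..%2Fexample.conf HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(check_request(line), "<-", line.split('"')[1])
```

A hit with status 200 on a host running an affected version warrants checking which file was returned; the last sample line is ignored because it does not target "libs/pdf.php".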

Affected Products

Google Document Embedder 2.4.6 and prior versions

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the web site:
http://wordpress.org/extend/plugins/google-document-embedder/

CVE References

CVE-2012-4915