This vulnerability was resolved in Ghostscript 9.24, shipped September 3, 2018 and WebGrabber 8.1.0 December 20, 2018. 


 


The ActivePDF WebGrabber deployment of Ghostscript is not affected by VU#332928.

ActivePDF WebGrabber provides two engines for converting HTML to PDF. 



  • The Native engine does not utilized Ghostscript. 

  • The Internet Explorer engine does deploy GS to print the PDF.



    • The WebGrabber IE engine does not utilize the Ghostscript -dSAFER functionality

    • Vulnerability Note VU#332928 does not apply.





However, if you only use the Native engine and would like to remove Ghostscript, you may delete the Ghostscript dll from the WebGrabber installation- C:\Program Files\ActivePDF\P3Rest\Agents\gs32.dll

How do I tell which engine my application is using?

Check the code to see which engine is in use:



  • oWG.EngineToUse = APWebGrabberInterface.ConversionEngine.IE;   //IE engine use in .NET

  • oWG.EngineToUse = 1   ‘ IE engine use in COM, 0 = Native, 1 = IE

  • If the EngineToUse is not explicitly stated in the code, then it is defined in the Configuration manager. See image.

  • Note that the source code overrides the Configuration Manager, so check the source code first.

  • The default installation uses only the Native engine.