VeryPDF Code Execution

VeryPDF Code Execution: Posted Apr 13, 2011; Authored by JODE | Site nsense.fi; nSense Vulnerability Research Security Advisory - A PDF file format parsing vulnerability exists in the pdf2tif parser and can be exploited with a specially crafted input file. The plugin suffers from a buffer overflow flaw. Many server side applications use the library when converting pdf files to images. If an attacker is able to send the application a malicious file, successful exploitation leads to code being executed in the context of the running application.; tags | advisory, overflow; SHA-256 | 6d62e5ba3582674b5aac158e6513d08ef73fcc69b021c695bef4f4ea131dc703; Download | Favorite | View

VeryPDF Code Execution

       nSense Vulnerability Research Security Advisory NSENSE-2011-001
       ---------------------------------------------------------------

       Affected Vendor:    VeryPDF (+ Multiple others, eg
                           Barcode Reader Tookit version 7.4.1.3 )
       Affected Product:   PDF Extract TIFF COM (prior to April 8'th)
       Platform:           Windows
       Impact:             Local/Remote code execution
       Vendor response:    Patch
       CVE:                None
       CVSS2:              9.3 - (AV:N/AC:M/Au:N/C:C/I:C/A:C)
       Credit:             JODE

       Technical details
       ---------------------------------------------------------------

       A PDF file format parsing vulnerability exists in the pdf2tif
       parser and can be exploited with a specially crafted input
       file. The plugin suffers from a buffer overflow flaw.

       Many server side applications use the library when converting
       pdf files to images. If an attacker is able to send the
       application a malicious file, successful exploitation leads to
       code being executed in  the context of the running application.

       Solution
       Upgrade to the latest version of the pdf2tif.dll.

       Timeline:
       April    1th                  Contacted vendor
       April    1th                  Vendor responded, requesting gold
                               support license agreement number.
       April    8th                  Vendor released the fix
       April    12th                 Advisory released

       Links:
       http://www.nsense.fi                       http://www.nsense.dk



       $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
       $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
       $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
       $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
       $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                      D r i v e n   b y   t h e   c h a l l e n g e _

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

VeryPDF Code Execution

VeryPDF Code Execution

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

VeryPDF Code Execution

Share This

VeryPDF Code Execution

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems