PDF-Pro multiple vulnerabilities
Posted on 02 March 2011.
Several vulnerabilities in PDF-Pro can be exploited by malicious people to compromise a user's system, according to Secunia.


1. The application loads libraries (e.g. dwmapi.dll) in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PDF file located on a remote WebDAV or SMB share.

2. A boundary error in the bundled PDF Reader ActiveX control (ePapyrusReader.ocx) when handling arguments passed to the "open()" method can be exploited to cause a stack-based buffer overflow.

3. Two boundary errors in ePapyrusReader.ocx when handling arguments passed to the "open_stream()" method can be exploited to cause heap-based buffer overflows.

4. A use-after-free error in ePapyrusReader.ocx when handling arguments passed to the "open_stream()" method can be exploited to dereference already freed memory.

5. A use-after-free error in ePapyrusReader.ocx when encountering corrupted arrays in a dictionary can be exploited to dereference already freed memory via a specially crafted PDF file.

6. The unsafe "RemoveFile()" method provided by ePapyrusReader.ocx allows deleting arbitrary files on a user's system.

7. The unsafe "DownloadFTP()" method in combination with the "SetFTPInfo()" method provided by ePapyrusReader.ocx allows downloading arbitrary files to a user's system.

8. The unsafe "UploadFTP" method in combination with the "SetFTPInfo()" method provided by ePapyrusReader.ocx allows retrieving arbitrary files from a user's system.

The vulnerabilities are confirmed in version 4.0.1.758 bundling ePapyrusReader.ocx version 1.6.2.1874. Other versions may also be affected.

Solution: Set the kill-bit for the affected ActiveX control and do not open untrusted PDF files.





Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //