Nitro PDF Reader 1.4.0 Remote Heap Memory Corruption / DoS PoC


Vendor: Nitro PDF, Inc., Nitro PDF Pty Ltd.
Product web page: http://www.nitroreader.com
Affected version: 1.4.0.11

Summary: Nitro PDF Reader, free, fast, powerful and secure.
Create PDF files, comment and review, save PDF forms, extract
text and images, type text directly onto the page, and more.

Desc: The program suffers from a heap corruption vulnerability
which can be exploited by malicious people to cause a denial of
service and potentially compromise a vulnerable system. The
vulnerability is caused when processing a malicious PDF file which
triggers a heap corruption state resulting in a crash.

--------------------------------------------------------------

(bc8.b54): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0023f72c ebx=097e9c48 ecx=baadf00d edx=015ee620 esi=097e9c48 edi=097e1da0
eip=01604b77 esp=0023f708 ebp=00000000 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010282
Defaulted to export symbols for C:\Program Files\Nitro PDF\Reader\npdf.dll -
npdf!ProvideCoreHFT+0x170517:
01604b77 8b01 mov eax,dword ptr [ecx] ds:0023:baadf00d=????????

--------------------------------------------------------------
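
Added example (not part of the original advisory or of the vendor's code): a Python triage helper that parses the WinDbg lines above and reports that the faulting read goes through ecx, which holds 0xbaadf00d, the value the Windows debug heap writes into newly allocated, uninitialized heap memory when a process is started under a debugger. The function names and the fill-pattern table are assumptions of this example; the sample input is the crash output quoted in the advisory.

```python
import re

# Constructed input: the WinDbg lines quoted in the advisory above.
CRASH = """\
(bc8.b54): Access violation - code c0000005 (first chance)
eax=0023f72c ebx=097e9c48 ecx=baadf00d edx=015ee620 esi=097e9c48 edi=097e1da0
eip=01604b77 esp=0023f708 ebp=00000000 iopl=0 nv up ei ng nz na po nc
npdf!ProvideCoreHFT+0x170517:
01604b77 8b01 mov eax,dword ptr [ecx] ds:0023:baadf00d=????????
"""

# Fill values written by the Windows debug heap and the MSVC debug runtime.
FILL_PATTERNS = {
    0xBAADF00D: "uninitialized heap allocation (NT debug heap)",
    0xFEEEFEEE: "freed heap memory (NT debug heap)",
    0xABABABAB: "guard bytes after a heap block (NT debug heap)",
    0xCDCDCDCD: "uninitialized heap allocation (MSVC debug CRT)",
    0xDDDDDDDD: "freed heap memory (MSVC debug CRT)",
    0xCCCCCCCC: "uninitialized stack memory (MSVC debug build)",
}
GPR = r"e[a-d]x|e[sd]i|e[sb]p"
REG_RE = re.compile(rf"\b({GPR}|eip)=([0-9a-f]{{8}})\b")
FAULT_RE = re.compile(
    r"^[0-9a-f]{8}\s+[0-9a-f]+\s+(.+?)\s+[cdefgs]s:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)\s*$",
    re.M)

def classify(value):
    """Name the fill pattern a value carries, allowing a small field offset."""
    for pattern, meaning in FILL_PATTERNS.items():
        if 0 <= value - pattern < 0x1000:
            return meaning
    return None

def triage(text):
    """Summarise a first-chance access violation from WinDbg text output."""
    fault = FAULT_RE.search(text)
    if fault is None:
        return None  # no faulting instruction with a memory operand found
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    insn, addr = fault.group(1), int(fault.group(2), 16)
    operand = " ".join(re.findall(r"\[([^\]]+)\]", insn))
    suspects = {r: classify(regs[r]) for r in re.findall(GPR, operand)
                if r in regs and classify(regs[r])}
    code = re.search(r"code ([0-9a-f]{8})", text)
    return {"exception": code.group(1) if code else None,
            "instruction": insn, "fault_address": addr,
            "unreadable": fault.group(3) == "????????",
            "address_meaning": classify(addr), "suspect_registers": suspects}
```

Calling triage(CRASH) returns a dictionary whose suspect_registers entry names ecx, which points triage at a pointer read from heap memory that was never initialized rather than at an arbitrary wild address.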

Tested on: MS Windows XP Pro SP3 (en)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com

Advisory ID: ZSL-2011-4999
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4999.php


21.02.2011


--------

PoC:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/16254.rar (nitropdf_poc.rar)
http://www.zeroscience.mk/codes/nitropdf_poc.rar

--------