Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SumatraPDF 2.0.1 - '.chm' / '.mobi' Memory Corruption

🗓️ 23 Apr 2012 00:00:00Reported by shinnaiType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 19 Views

SumatraPDF v2.0.1 chm and mobi files memory corruption. PoC released for educational purposes, no responsibility for any damage. Tested on Microsoft Windows 7 Professional 6.1.7601 SP1

Code
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
=============================================================================
 SumatraPDF v2.0.1 chm and mobi files memory corruption

 Author: shinnai
 mail:   shinnai[at]autistici[dot]org
 site:   http://shinnai.altervista.org/

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Tested on:
 Microsoft Windows 7 Professional 
 6.1.7601 Service Pack 1 build 7601

 Info:
 PoC released as is, I have no time at the moment for further investigations
=============================================================================
=============================================================================

 Proof of concept:

http://shinnai.altervista.org/exploits/sumatra.rar
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18771.rar

=============================================================================
=============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iQIcBAEBAgAGBQJPlP/0AAoJEJlK/ai8vywmZAMP/RGuHEXp0wa1VGI1sNrGUg98
7WifnPAeQfLmYkEYY/kugvz+Sba/yG2zJZCg+t5DBgANCVe54PHfkudqUVSmtM/l
DbZpSbcYX4IGKDt7hY1C7AT5buhRxJS1H4qE6HDE0vC8Lo3ZEwj1f6ArXwvPGL3W
kOp9CKL8W/6dL1FTTyyEfsCi52XmyoG5rP40xqzrW++m1PEZVt/kGtv+cS0Rl2Mq
sWkFqEJn0DhZj0XZyIm8mNcZofR4a6LBLWK9JwOQcgXbva1mkdM1+sOX9sd82WLJ
t6uZKXJ7jV5BfsajnNmupHE/RWgxu4fSYEnyIJqYljlBGjxbVSzDVB3qRq9rTEz4
hiWHVv1/QIup8OtpV5CUjwPt55mQGHkfBoXcIa26dIHGb4CKeuxX7sMBA7Ip8XR4
l7Ku9YXjGZMmNbc8NfsB4Td/H5teAR1cR1j9lWvAEnQe7vDnjq5EdHyNLGmtg4Z3
9Ky9YYA2ZH/QgFNAXv4U6drZ4YISRqWKS7u3Wyvwv3o8+yNWZ3UUIiRpm7MAkWQa
Y7E4WBoMmMkexYn/iqarbBDDe5lIU8z+9H538u/JhiJfCYoCCKW5ga1MA+64vLCj
8SnMpqB0hupl0LLCXTXapGfefOsm9gkEm31oC9U8Bsi0O4zWF6+Q7EipPLd9AkjC
hfANp4pmPDJGnYkagOxx
=q6Gx
-----END PGP SIGNATURE-----

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Apr 2012 00:00Current
7.4High risk
Vulners AI Score7.4
sumatrapdfmemory corruptioneducational purposewindows 7
19