PDF Form Filling and Flattening Tool Field Name Overflow

2006-05-23T08:49:07
ID OSVDB:25902
Type osvdb
Reporter George D. Gal(ggal@vsecurity.com)
Modified 2006-05-23T08:49:07

Description

Vulnerability Description

A overflow exists in PDF Form Filling and Flattening Tool. The PDF Form Filling and Flattening Tool fails to copy form field names to a 256 byte fixed length buffer resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 3.1.0.12 (released on 2006-05-10) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A overflow exists in PDF Form Filling and Flattening Tool. The PDF Form Filling and Flattening Tool fails to copy form field names to a 256 byte fixed length buffer resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitary code execution resulting in a loss of integrity.

Manual Testing Notes

pdformp.exe input.pdf output.pdf perl -e 'print "A"x260;'=foo

References:

Vendor URL: http://www.pdf-tools.com/asp/products.asp?name=FF&type=shell Secunia Advisory ID:20233 Other Advisory URL: http://www.vsecurity.com/bulletins/advisories/2006/pdf-form-filling.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0610.html FrSIRT Advisory: ADV-2006-1960 CVE-2006-2549