Cool PDF Reader Image Stream Stack Overflow

2013-03-11T00:00:00
ID SAINT:82FBFE2D454FF6A62ED96D617049527A
Type saint
Reporter SAINT Corporation
Modified 2013-03-11T00:00:00

Description

Added: 03/11/2013
CVE: CVE-2012-4914
BID: 57461
OSVDB: 89349

Background

Cool PDF Reader is a small viewer/reader that can view, print, and convert PDF files to TXT, BMP, JPG, GIF, PNG, WMF, EMF, EPS.

Problem

Cool PDF Reader versions 3.0.2.256 and earlier do not perform proper bounds checking on image stream objects. An attacker may be able to craft a malicious PDF document that exploits this vulnerability to trigger a stack overflow, which may allow arbitrary code execution.

Resolution

No update is available at this time.

References

<http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70>
<http://www.pdf2exe.com/reader.html>

Limitations

This exploit has been tested against CoolPDF Software Cool PDF Reader 3.0.2.256 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows