SAINT Corporation
SAINT:B308A86BF70BDA89E066FBF368267369
Mar 11, 2013 - 12:00 a.m.

Cool PDF Reader Image Stream Stack Overflow

2013-03-11 00:00:00
SAINT Corporation
download.saintcorporation.com
cool pdf reader
image stream
stack overflow
cve-2012-4914
bid 57461
osvdb 89349
windows

EPSS: 0.914
Percentile: 98.9%

Added: 03/11/2013
CVE: CVE-2012-4914
BID: 57461
OSVDB: 89349

Background

Cool PDF Reader is a small viewer/reader that can view, print, and convert PDF files to TXT, BMP, JPG, GIF, PNG, WMF, EMF, EPS.

Problem

Cool PDF Reader versions 3.0.2.256 and prior do not perform proper bounds checking on image stream objects. An attacker may be able to craft a malicious PDF document that exploits this vulnerability to trigger a stack overflow condition, which may lead to the ability to execute arbitrary code.

Resolution

No update is available at this time.

References

<http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70>
<http://www.pdf2exe.com/reader.html>

Limitations

This exploit has been tested against CoolPDF Software Cool PDF Reader 3.0.2.256 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows
