132 matches found
SumatraPDF 3.5.2 - Remote Code Execution
Exploit Title: SumatraPDF 3.5.2 - Remote Code Execution Date: 2026-02-10 Exploit Author: Mohammed I. Banyamer Vendor Homepage: https://www.sumatrapdfreader.org/ Software Link: https://www.sumatrapdfreader.org/download-free-pdf-viewer Version: 3.5.0 - 3.5.2 Tested on: Windows 10 / 11 CVE :...
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code VS Code tunnels for remote access. Zscaler ThreatLabz, which...
CVE-2026-25920
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData only validates half the range that DecodeOne actually accesses. Opening a crafted .mobi file can read...
CVE-2026-25880
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...
CVE-2026-25961
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
Exploit for CVE-2026-25961
SumatraPDF Insecure Update PoC CVE-2026-25961 – Remote C...
CVE-2026-25920
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData only validates half the range that DecodeOne actually accesses. Opening a crafted .mobi file can read...
CVE-2026-25880
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...
CVE-2026-25961 SumatraPDF Update MITM -> Arbitrary Code Execution
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
CVE-2026-25961 SumatraPDF Update MITM -> Arbitrary Code Execution
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
CVE-2026-25961
CVE-2026-25961 affects SumatraPDF
CVE-2026-25961 SumatraPDF Update MITM -> Arbitrary Code Execution
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
CVE-2026-25961
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
CVE-2026-25920 SumatraPDF has a heap out-of-bounds read in MOBI HuffDic decompressor
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData only validates half the range that DecodeOne actually accesses. Opening a crafted .mobi file can read...
CVE-2026-25920
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData only validates half the range that DecodeOne actually accesses. Opening a crafted .mobi file can read...
CVE-2026-25920 SumatraPDF has a heap out-of-bounds read in MOBI HuffDic decompressor
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData only validates half the range that DecodeOne actually accesses. Opening a crafted .mobi file can read...
CVE-2026-25920
CVE-2026-25920 affects SumatraPDF
CVE-2026-25880
SumatraPDF (Windows)
CVE-2026-25880 Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows)
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...
CVE-2026-25880
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...