Cool PDF Reader Image Stream Stack Overflow

Added: 03/11/2013
CVE: CVE-2012-4914
BID: 57461
OSVDB: 89349

Background

Cool PDF Reader is a small viewer/reader that can view, print, and convert PDF files to TXT, BMP, JPG, GIF, PNG, WMF, EMF, EPS.

Problem

Cool PDF Reader versions 3.0.2.256 and prior do not perform proper bounds checking on image stream objects. An attacker may be able to craft a malicious PDF document that exploits this vulnerability to trigger a stack overflow condition, which may lead to the ability to execute arbitrary code.

Resolution

No update is available at this time.

References

http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70
http://www.pdf2exe.com/reader.html

Limitations

This exploit has been tested against CoolPDF Software Cool PDF Reader 3.0.2.256 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows

Back to exploit index