Cool PDF Reader Image Stream Stack Overflow
Added: 03/11/2013
CVE: CVE-2012-4914
BID: 57461
OSVDB: 89349
Background
Cool PDF Reader is a small viewer/reader that can view, print, and convert PDF files to TXT, BMP, JPG, GIF, PNG, WMF, EMF, EPS.
Problem
Cool PDF Reader versions 3.0.2.256 and prior do not perform proper bounds checking on image stream objects. An attacker may be able to craft a malicious PDF document that exploits this vulnerability to trigger a stack-based buffer overflow, which may lead to the ability to execute arbitrary code.
Resolution
No update is available at this time.
References
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70
http://www.pdf2exe.com/reader.html
Limitations
This exploit has been tested against CoolPDF Software Cool PDF Reader 3.0.2.256 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Platforms
Windows