
#####################################################################################

Application:   Cool PDF Reader PDF Processing Buffer Overflow Vulnerability

Platforms:   Windows

Versions:   The vulnerability is confirmed in version 3.0.2.256. Other versions may also be affected.

Secunia:   SA51602

{PRL}:   2013-01

Author:   Francis Provencher (Protek Research Lab's)

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC


#####################################################################################

===============
1) Introduction
===============

 

CoolPDF is a fast, robust and affordable way to create professional quality PDF documents
for both novice and pro. CoolPDF works as a printer driver on all operating systems,
making PDF files of anything that can normally be printed. CoolPDF is a very cost-effective
solution for turning just about anything into a PDF. And the coolest thing about it is that it
generates PDF documents extremely fast and works with almost all languages in the world.

(http://www.coolpdf.com/)

#####################################################################################

============================
2) Report Timeline
============================

2012-12-19  Vulnerability reported to Secunia
2013-01-18  Publication of this advisory 

#####################################################################################

============================
3) Technical details
============================

The vulnerability is caused by a boundary error when processing a stream
and can be exploited to cause a stack-based buffer overflow via a specially
crafted stream in a PDF file.


#####################################################################################

===========
4) POC
===========

Here



######################################################################################