
VSR-2006-05-23.txt

Posted May 26, 2006
Site vsecurity.com

On April 18th, 2006, VSR identified a stack overflow in the PDF Tools AG PDF Form Filling and Flattening tool. Although this is a traditional command line utility, there may be a risk to users who run it within a web application or a network service, particularly when relying on user-supplied input to generate the PDF form field name or value pairs.

tags | advisory, web, overflow
SHA-256 | 38dfd256afb7906bed20e3b9b81c69ba8d3f924b9302efa7c4975b0421b4c1e8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Virtual Security Research, LLC.
http://www.vsecurity.com/
Security Advisory

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Advisory Name: PDF Form Filling and Flattening Tool Buffer Overflow
Release Date: 2006-05-23
Application: PDF Tools AG - PDF Form Filling and Flattening Tool
Version: 3.0 (Windows)
(other versions and platforms untested)
Severity: High
Author: George D. Gal <ggal_at_vsecurity.com>
Vendor Status: Vendor Notified, Fix Available
CVE Candidate: CVE-2006-2549
Reference:
http://www.vsecurity.com/bulletins/advisories/2006/pdf-form-filling.txt
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Product Description:

From the pdf-tools.com website[1]:

"PDF Tools AG is a world leader in PDF (The Adobe Portable Document Format)
programming technology, delivering reliable PDF products to international
customers in virtually all market segments."

"PDF Form Filling and Flattening Tool is a command line tool that can
create, edit, fill in and delete form fields in a PDF document."


Vulnerability Overview:

On April 18th, 2006, VSR identified a stack overflow in the PDF Tools AG
PDF Form Filling and Flattening tool. Although this is a traditional
command line utility, there may be a risk to users of the application
who run it within a web application or a network service, particularly when
relying on user-supplied input to generate the PDF form field name or value
pairs.

In situations where user-supplied input is used to populate a control file
of name/value pairs without sufficient input validation, the form field
names are susceptible to overflow. The buffer overflow occurs as a
direct result of unsafe string copy operations to a 256-byte fixed-length
buffer. The binary is also susceptible to overflows of the PDF form field
names when they are specified on the command line instead of within a
control file.

The following command may be used to check for the existence of the
vulnerability in the PDF form filling and flattening tool:

./pdformp.exe input.pdf output.pdf `perl -e 'print "A"x260;'`=foo
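The bug class described above, shown from the fix side as an added example (it is not PDF Tools AG code and not part of the VSR advisory): a bounds-checked split of a name=value argument into a 256-byte name buffer. The function, enum and constant names are hypothetical, and the inputs are constructed, including the 260-character name used by the check command.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_NAME_MAX 256  /* fixed buffer size stated in the advisory */

enum pair_status { PAIR_OK = 0, PAIR_MALFORMED = -1, PAIR_NAME_TOO_LONG = -2 };

/*
 * Split a "name=value" argument (hypothetical helper). The unsafe pattern the
 * advisory describes is an unbounded copy, such as strcpy(), into a 256-byte
 * stack buffer; here the length is checked before any byte is copied.
 */
static enum pair_status parse_field_pair(const char *arg,
                                         char name[FIELD_NAME_MAX],
                                         const char **value)
{
    const char *eq = strchr(arg, '=');
    if (eq == NULL || eq == arg)
        return PAIR_MALFORMED;              /* no '=' or empty name */

    size_t name_len = (size_t)(eq - arg);
    if (name_len >= FIELD_NAME_MAX)
        return PAIR_NAME_TOO_LONG;          /* must leave room for the NUL */

    memcpy(name, arg, name_len);
    name[name_len] = '\0';
    *value = eq + 1;
    return PAIR_OK;
}

/* Constructed input: a name of n 'A' characters followed by "=foo". */
static enum pair_status check_name_of_length(size_t n)
{
    char arg[512], name[FIELD_NAME_MAX];
    const char *value = NULL;
    if (n + 5 > sizeof arg)
        return PAIR_MALFORMED;
    memset(arg, 'A', n);
    memcpy(arg + n, "=foo", 5);             /* copies the trailing NUL too */
    return parse_field_pair(arg, name, &value);
}

int main(void)
{
    printf("255-byte name: %d\n", check_name_of_length(255));
    printf("260-byte name: %d\n", check_name_of_length(260));
    return 0;
}
```

A web application or service that builds the control file from user input can apply the same length check before invoking the tool.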

Vendor Response:

PDF Tools AG was first notified on 2006-04-19. The following timeline
outlines the responses from the vendor regarding this issue:

2006-04-20 - Acknowledgment of security notification received from VSR.
             Vendor stated that they only support registered customers
             of the product.
2006-05-02 - Vendor response acknowledging overflow which will be
             resolved in the next pre-release version.
2006-05-10 - Vendor response providing estimated release schedule.
2006-05-15 - Vendor response notifying VSR of publicly released fix.

Recommendation:

PDF Tools AG customers should upgrade to the latest build of the PDF
Form Filling and Flattening tool (build 3.1.0.12), released on
May 10th, 2006.

The upgrade is available via:

http://www.pdf-tools.com/asp/products.asp?name=FF&type=shell

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

CVE-2006-2549

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

References:

1. PDF Tools AG Form Filling and Flattening Tool
http://www.pdf-tools.com/asp/products.asp?name=FF&type=shell

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Vulnerability Disclosure Policy:

http://www.vsecurity.com/disclosurepolicy.html

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Copyright 2006 Virtual Security Research, LLC. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFEc1j+TY6Rj3GeBOoRAla3AKCGmut+uoKLM6w8+hklum9pWyxQdQCfbob0
eI4HPGwtY798ElIWQEzx5yk=
=CXAE
-----END PGP SIGNATURE-----
