Summary
This host has Investintech products installed and is prone to a denial of service vulnerability.
Impact
Successful exploitation will allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document.
Impact Level: System/Application
Solution
Update to the following versions:
Slim PDF Reader v1.0.1.12:
http://www.investintech.com/download/SPR/1.0.1.12/InstallSlimPDFReader.exe
Able2Doc Std 6.0.8.22:
http://www.investintech.com/download/A2E/7.0.8.22/InstallAble2Doc.exe
Able2Doc Pro 6.0.8.22:
http://www.investintech.com/download/A2E/7.0.8.22/InstallAble2DocPro.exe
Able2Extract Std 7.0.8.22:
http://www.investintech.com/download/A2E/7.0.8.22/InstallAble2Extract.exe
Able2Extract Pro 7.0.8.22:
http://www.investintech.com/download/A2E/7.0.8.22/InstallAble2ExtractPro.exe
Insight
The flaws are due to:
- Unspecified errors in Investintech Able2Extract, Able2Doc, and Able2Doc Professional.
- SlimPDF Reader not properly restricting write operations, the arguments to unspecified function calls, and read operations during block data moves.
- SlimPDF Reader failing to prevent faulting-instruction data from affecting write operations and faulting-address data from affecting branch selection.
Affected
Able2Extract version 7.0 and prior
SlimPDF Reader version 1.0.0.1 and prior
Able2Extract PDF Server version 1.0.0 or prior
Able2Doc and Able2Doc Professional version 6.0 and prior
Severity
Classification
- CVE: CVE-2011-4216, CVE-2011-4217, CVE-2011-4218, CVE-2011-4219, CVE-2011-4220, CVE-2011-4221, CVE-2011-4222, CVE-2011-4223
- CVSS Base Score: 9.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C