
Thread: Sumatra PDF Denial Of Service Vulnerability

  1. #1
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Default Sumatra PDF Denial Of Service Vulnerability

    Apparent distrust of Adobe PDF Reader has increased the popularity of my preferred alternate PDF application, Sumatra PDF. It appears that the popularity has also attracted additional attention. From Security Focus:

    Sumatra PDF is prone to an unspecified denial-of-service vulnerability.

    An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition.

    Sumatra PDF 1.1 is vulnerable; other versions may also be affected.
    From the exploit information at Security Focus:



    Vulnerability Detection Time : 21st June 2010, 1:13 AM
    Tested on version 1.1 of Sumatra PDF Reader
    Nature : Accidental Discovery


    Description : Sumatra PDF Reader crashed while testing recovered PDF
    Files from a HardDisk. PDF Files recovered using Forensic
    Tools were large in size. DoS code has been optimised to
    implement the crash with reduced file-size.



    Notes : This source can be modified after analyzing the crash appcompat
    files to write shell bind / other payloaded exploits.
    Sumatra PDF Reader crashed when PDF Files were already
    associated to launch it.

  2. #2
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    THANKS !

    Perhaps it's time to try another PDF reader...

  3. #3
    Max_Payne is offline Senior Member
    Join Date
    Nov 2009
    Location
    Italy
    Posts
    250

    Default

    Apparently, it seems the same bug:

    http://forums.fofou.org/sumatrapdf/t...321&comments=5

    Then, this would be the "official" reply:

    Calling it an exploit or a denial of service is an exaggeration.

    It's a crash, just like any other crash. Some crashes lead to an exploit but most don't and this one hasn't been shown to lead to an exploit.

    Thus, we'll treat it as just any other ordinary crash i.e. it got fixed but we won't release an update every time a crash is fixed.
    Last edited by Max_Payne; 4th July 2010 at 22:22.

  4. #4
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Default

    Thanks, Max!

  5. #5
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Thanks Max !

    really good news.

  6. #6
    optimus is offline Windows Enthusiast
    Join Date
    Apr 2010
    Posts
    94

    Default

    Have they released a new version, Corrine? I'm using v1.1. I saw they have made a more secure beta version in one tech blog.
    Last edited by optimus; 25th July 2010 at 03:59.

  7. #7
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Hi!

    optimus: why don't you check yourself?

    Under "Help", "Check for new version"...
    Just checked myself, v1.1 is the latest.
