← Advisories

Soda PDF Professional 1.2.155 PDF/WWF File Handling Restriction of Service (RoS)

Low

Advisory ID

ZSL-2011-5056

Release Date

10 November 2011

Vendor

LULU software - http://www.sodapdf.com

Affected Version

1.2.155.1729 (Professional with OCR)

CVE

N/A

Tested On

Microsoft Windows XP Professional SP3 (EN)

Summary

Increase your efficiency with Soda PDF Professional, the smart & simple tool for opening, creating, editing, converting, and securing PDF files in a collaborative environment. Save time by using powerful automated features like batch PDF creation, professional templates & document comparison.

Description

Soda PDF Pro suffers from a restriction of service (RoS) vulnerability when handling PDF or WWF file formats which can be exploited by malicious people to cause a denial of service scenario.

Proof of Concept

sodapdf_ros.plTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic
High five to sm!

References

[1]http://packetstormsecurity.org/files/106828

[2]http://www.exploit-db.com/exploits/18106/

[3]http://securityreason.com/exploitalert/10984

[4]http://www.securityfocus.com/bid/50645

[5]http://osvdb.org/show/osvdb/83319

Changelog

10.11.2011Initial release

11.11.2011Added reference [2] and [3]

15.11.2011Added reference [4]

14.09.2012Added reference [5]