Soda PDF Professional 1.2.155 PDF/WWF File Handling Restriction of Service (RoS)
Advisory ID: ZSL-2011-5056
Type: Local/Remote
Impact: RoS
Risk: (1/5)
Release Date: 10.11.2011
Summary
Increase your efficiency with Soda PDF Professional, the smart & simple tool for opening, creating, editing, converting, and securing PDF files in a collaborative environment. Save time by using powerful automated features like batch PDF creation, professional templates & document comparison.
Description
Soda PDF Pro suffers from a restriction of service (RoS) vulnerability when handling PDF or WWF file formats which can be exploited by malicious people to cause a denial of service scenario.
Vendor
LULU software - http://www.sodapdf.com
Affected Version
1.2.155.1729 (Professional with OCR)
Tested On
Microsoft Windows XP Professional SP3 (EN)
Vendor Status
N/A
PoC
sodapdf_ros.pl
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
High five to sm!
References
[1] http://packetstormsecurity.org/files/106828
[2] http://www.exploit-db.com/exploits/18106/
[3] http://securityreason.com/exploitalert/10984
[4] http://www.securityfocus.com/bid/50645
[5] http://osvdb.org/show/osvdb/83319
Changelog
[10.11.2011] - Initial release
[11.11.2011] - Added reference [2] and [3]
[15.11.2011] - Added reference [4]
[14.09.2012] - Added reference [5]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk