|
|
|
>>
VUPEN Security / Public Mailing Lists Mirror |
Assigned : VUPEN/ADV-2006-1960
From : advisories at vsecurity.com
Subject : VSR Advisory: PDF Form Filling and Flattening Tool Buffer Overflow
Date : 2006-05-23
Original Message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Virtual Security Research, LLC.
http://www.vsecurity.com/
Security Advisory
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: PDF Form Filling and Flattening Tool Buffer Overflow
Release Date: 2006-05-23
Application: PDF Tools AG - PDF Form Filling and Flattening Tool
Version: 3.0 (Windows)
(other versions and platforms untested)
Severity: High
Author: George D. Gal <ggal_at_vsecurity.com>
Vendor Status: Vendor Notified, Fix Available
CVE Candidate: CVE-2006-2549
Reference:
http://www.vsecurity.com/bulletins/advisories/2006/pdf-form-filling.txt
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description:
> From the pdf-tools.com website[1]:
"PDF Tools AG is a world leader in PDF (The Adobe Portable Document Format)
programming technology, delivering reliable PDF products to international
customers in virtually all market segments."
"PDF Form Filling and Flattening Tool is a command line tool that can
create, edit, fill in and delete form fields in a PDF document."
Vulnerability Overview:
On April 18th, 2006 VSR has identified a stack overflow in the PDF Tools AG
PDF Form Filling and Flattening tool. Although this is a traditional
command line utility there may be a risk to those users of the application
who use it within web application or a network service, particularly when
relying on user supplied input to generate the PDF form field name or value
pairs.
In situations where user supplied input is used to populate a control file
of name value pairs without sufficient input validation the form field
names are susceptible to overflow. The buffer overflow occurs as a
direct result of unsafe string copy operations to a 256 byte fixed length
buffer. The binary is also susceptible to overflows of the PDF form field
names when specified on the command line instead of within a control file.
The following command may be used to check for the existence of the
vulnerability in the PDF form filling and flattening tool:
./pdformp.exe input.pdf output.pdf `perl -e 'print "A"x260;'`=foo
Vendor Response:
PDF Tools AG was first notified on 2006-04-19. The following time line
outlines the responses from the vendor regarding this issue:
2006-04-20 - Acknowledgment of security notification received from VSR.
Vendor stated that they only support registered customers
of the product.
2006-05-02 - Vendor response acknowledging overflow which will be
resolved in the next pre-release version.
2006-05-10 - Vendor response providing estimated release schedule.
2006-05-15 - Vendor response notifying VSR of publicly released fix.
Recommendation:
PDF Tools AG customers should upgrade to the latest build of the PDF
Form Filling and Flattening tool (build 3.1.0.12) released on
May 10th 2006.
The upgrade is available via:
http://www.pdf-tools.com/asp/products.asp?name=FF&type=shell
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
CVE-2006-2549
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
References:
1. PDF Tools AG Form Filling and Flattening Tool
http://www.pdf-tools.com/asp/products.asp?name=FF&type=shell
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Vulnerability Disclosure Policy:
http://www.vsecurity.com/disclosurepolicy.html
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Copyright 2006 Virtual Security Research, LLC. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFEc1j+TY6Rj3GeBOoRAla3AKCGmut+uoKLM6w8+hklum9pWyxQdQCfbob0
eI4HPGwtY798ElIWQEzx5yk=
=CXAE
-----END PGP SIGNATURE-----
Disclaimer : VUPEN Security does not endorse the content of this
message submitted by others to public mailinglists. Messages submitted to public
mailinglists do not necessarily reflect the opinions or policies of VUPEN Security.
VUPEN Security makes no warranties, express or implied, as to the content of the message
in this page or the accuracy and reliability of any messages and other materials
submitted to public mailinglists. Any questions or comments regarding this page
should be sent to
team@vupen.com
|
|
|
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
