Cool PDF Reader 3.0.2.256 buffer overflow

vendor:

Cool PDF Reader

by:

Chris Gabriel

7,8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Cool PDF Reader

Affected Version From: 3.0.2.256

Affected Version To: 3.0.2.256

Patch Exists: Yes

Related CWE: CVE-2012-4914

CPE: a:coolpdf:cool_pdf_reader

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2012

Cool PDF Reader 3.0.2.256 buffer overflow

Cool PDF Reader 3.0.2.256 is vulnerable to a buffer overflow vulnerability. This vulnerability was discovered by Francis Provencher and reported to Secunia on 12-19-2012. Chris Gabriel also discovered the vulnerability and reported it to US-CERT on 11-20-2012. The vendor was emailed on 12-4-2012. The exploit was written by Chris Gabriel and tested on Windows XP SP3. The PoC is available at https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24463.py.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of Cool PDF Reader.

Source

Exploit-DB raw data:

# Exploit Title: Cool PDF Reader 3.0.2.256 buffer overflow
# Vulnerability Disclosed to US-CERT by Chris Gabriel: 11-20-2012
# Emailed vendor: 12-4-2012
# Francis Provencher discovered vulnerability and reported to Secunia: 12-19-2012
# Vulnerability Discovery: Francis Provencher (Protek Research Lab's) @ProtekResearch
# Vulnerability Discovery: Chris Gabriel
# Exploit Author: Chris Gabriel
# Vendor Homepage: http://www.pdf2exe.com/reader.html
# Version: CoolPDF 3.0.2.256 
# Tested on: Windows XP SP3
# CVE: CVE-2012-4914
# Reference: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70
# Reference: http://secunia.com/advisories/51602

PoC:  https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24463.py