Nitro PDF Reader 1.4.0 – Heap Memory Corruption (PoC)

  • Author: LiquidWorm
    Date: 2011-02-28
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/16254/
  • Nitro PDF Reader 1.4.0 Remote Heap Memory Corruption / DoS PoC
    
    
    Vendor: Nitro PDF, Inc., Nitro PDF Pty Ltd.
    Product web page: http://www.nitroreader.com
    Affected version: 1.4.0.11
    
    Summary: Nitro PDF Reader, free, fast, powerful and secure.
    Create PDF files, comment and review, save PDF forms, extract
    text and images, type text directly onto the page, and more.
    
    Desc: The program suffers from a heap corruption vulnerability
    which can be exploited by malicious people to cause a denial of
    service and potentially compromise a vulnerable system. The
    vulnerability is caused when processing a malicious PDF file, which
    triggers a heap corruption state resulting in a crash.
    
    --------------------------------------------------------------
    
    (bc8.b54): Access violation - code c0000005 (first chance)
    First chance exceptions are reported before any exception handling.
    This exception may be expected and handled.
    eax=0023f72c ebx=097e9c48 ecx=baadf00d edx=015ee620 esi=097e9c48 edi=097e1da0
    eip=01604b77 esp=0023f708 ebp=00000000 iopl=0 nv up ei ng nz na po nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010282
    Defaulted to export symbols for C:\Program Files\Nitro PDF\Reader\npdf.dll - 
    npdf!ProvideCoreHFT+0x170517:
    01604b77 8b01            mov     eax,dword ptr [ecx]  ds:0023:baadf00d=????????
    
    --------------------------------------------------------------
    
    Tested on: MS Windows XP Pro SP3 (en)
    
    Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
    liquidworm gmail com
    
    Advisory ID: ZSL-2011-4999
    Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4999.php
    
    
    21.02.2011
    
    
    --------
    
    PoC: 
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/16254.rar (nitropdf_poc.rar)
    http://www.zeroscience.mk/codes/nitropdf_poc.rar
    
    --------
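
The crash output above faults on a read through ecx=baadf00d. As an added example for crash triage (not part of the original advisory), the following Python parses such a WinDbg dump and reports whether the dereferenced pointer is a Windows debug-heap fill value. The function name `triage`, the result keys and the pattern table are assumptions of this example; the sample lines are copied from the advisory's output.

```python
import re

# Fill values the Windows heap manager writes when debug heap checks are
# enabled, as they are by default for a process launched under a debugger.
HEAP_FILL = {
    0xBAADF00D: "uninitialized heap allocation",
    0xFEEEFEEE: "freed heap block",
    0xABABABAB: "guard bytes after a heap block",
}

# Constructed sample: lines taken from the crash output in the advisory.
SAMPLE = """\
(bc8.b54): Access violation - code c0000005 (first chance)
eax=0023f72c ebx=097e9c48 ecx=baadf00d edx=015ee620 esi=097e9c48 edi=097e1da0
eip=01604b77 esp=0023f708 ebp=00000000 iopl=0         nv up ei ng nz na po nc
Defaulted to export symbols for C:\\Program Files\\Nitro PDF\\Reader\\npdf.dll -
npdf!ProvideCoreHFT+0x170517:
01604b77 8b01            mov     eax,dword ptr [ecx]  ds:0023:baadf00d=????????
"""

REG = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})\b")
EA = re.compile(r"\b[c-gs]s:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)")  # ds:0023:addr=value
BASE = re.compile(r"\[(e\w\w)")                                 # [ecx], [esi+4], ...
SYM = re.compile(r"^(\w+)!(\w+)\+0x([0-9a-f]+):", re.M)

def triage(text):
    """Summarise a 32-bit WinDbg access-violation dump for heap triage."""
    ea, base, sym = EA.search(text), BASE.search(text), SYM.search(text)
    if "code c0000005" not in text or not ea:
        return None                      # not an access violation we can read
    regs = {name: int(val, 16) for name, val in REG.findall(text)}
    base_reg = base.group(1) if base else None
    return {
        "module": sym.group(1) if sym else None,
        # Only export symbols were loaded, so the name is the nearest export
        # and the large offset says little about the real function.
        "symbol_trustworthy": "Defaulted to export symbols" not in text,
        "fault_addr": int(ea.group(1), 16),
        "unmapped": set(ea.group(2)) == {"?"},   # ???????? = unreadable memory
        "base_reg": base_reg,
        # The base register equals a fill value: the pointer itself was read
        # from heap memory in that state, then dereferenced.
        "pattern": HEAP_FILL.get(regs.get(base_reg)),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For the advisory's dump this reports module npdf, base register ecx and the "uninitialized heap allocation" pattern, which points at a pointer field read from a heap block before it was written.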