Nitro PDF Reader 1.4.0 Remote Heap Memory Corruption / DoS PoC
Vendor: Nitro PDF, Inc., Nitro PDF Pty Ltd.
Product web page: http://www.nitroreader.com
Affected version: 1.4.0.11
Summary: Nitro PDF Reader, free, fast, powerfull and secure.
Create PDF files, comment and review, save PDF forms, extract
text and images, type text directly onto the page, and more.
Desc: The program suffers from a heap corruption vulnerability
which can be exploited by malicious people to cause a denial of
service and potentially compromise a vulnerable system. The
vulnerability is caused when processing malicious PDF file which
triggers a heap corruption state resulting in a crash.
--------------------------------------------------------------
(bc8.b54): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0023f72c ebx=097e9c48 ecx=baadf00d edx=015ee620 esi=097e9c48 edi=097e1da0
eip=01604b77 esp=0023f708 ebp=00000000 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010282
Defaulted to export symbols for C:\Program Files\Nitro PDF\Reader\npdf.dll -
npdf!ProvideCoreHFT+0x170517:
01604b77 8b01 mov eax,dword ptr [ecx] ds:0023:baadf00d=????????
--------------------------------------------------------------
Tested on: MS Windows XP Pro SP3 (en)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Advisory ID: ZSL-2011-4999
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4999.php
21.02.2011
--------
PoC:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/16254.rar (nitropdf_poc.rar)
http://www.zeroscience.mk/codes/nitropdf_poc.rar
--------