Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Sumatra PDF Denial Of Service Vulnerability

04 Jul 2010   #1

Windows 7 & Windows Vista Ultimate
 
 
Sumatra PDF Denial Of Service Vulnerability

Apparent distrust of Adobe PDF Reader has increased the popularity of my preferred alternate PDF application, Sumatra PDF. It appears that the popularity has also attracted additional attention. From Security Focus:

Quote:
Sumatra PDF is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition.

Sumatra PDF 1.1 is vulnerable; other versions may also be affected.
From the exploit information at Security Focus:

Quote:
Vulnerability Detection Time : 21st June 2010, 1:13 AM
Tested on version 1.1 of Sumara PDF Reader
Nature : Accidental Discovery
Description : Sumatra PDF Reader crashed while testing recovered PDF
Files from a HardDisk. PDF Files recovered using Forensic
Tools were large in size. DoS code has been optimised to
implement the crash with reduced file-size.

Notes : This source can be modified after analyzing the crash appcompat
files to write shell bind / other payloaded exploits.
Sumatra PDR Reader crashed when PDF Files were already
associated to launch it.


My System SpecsSystem Spec
.

04 Jul 2010   #2

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

THANKS !

perhaps it´s time to try another PDF-reader...
My System SpecsSystem Spec
05 Jul 2010   #3

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Quote   Quote: Originally Posted by hackerman1 View Post
THANKS !

perhaps it´s time to try another PDF-reader...
I'd doubt this vulnerability would have much effect on the casual user. Unless you d/l pdf files from unknown sites, the likelihood of someone wanted to do a DDOS on you are slim. Suppose you switch to Nuance, and they have a vulnerability next, lol. I'd be more worried on a vulnerability that allowed someone to take over my machine remotely...and even then the threat would appear to be low. A Guy
My System SpecsSystem Spec
.


05 Jul 2010   #4

 
 

I agree it's a slim chance you'd be affected - but still... it's a PITA they'd even bother. Seriously, find something better to do guys.

Like program a girlfriend that tells how 'leet' you are or something...

Thanks for the heads up Corrine.
My System SpecsSystem Spec
05 Jul 2010   #5

Windows 7 & Windows Vista Ultimate
 
 

From Sumatra PDF Viewer forum

Quote:
This issue has been fixed already in what will become SumatraPDF 1.2. You can download a prerelease build for verifying this from http://blog.kowalczyk.info/software/...prerelase.html
and Sumatra PDF Viewer forum

Quote:
Calling it an exploit or a denial of service is an exaggeration.

It's a crash, just like any other crash. Some crashes lead to an exploit but most don't and this one hasn't been shown to lead to an exploit.

Thus, we'll treat it as just any other ordinary crash i.e. it got fixed but we won't release an update every time a crash is fixed.
My System SpecsSystem Spec
05 Jul 2010   #6

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

Thanks !

good news.
My System SpecsSystem Spec
Reply

 Sumatra PDF Denial Of Service Vulnerability




Thread Tools



Similar help and support threads for2: Sumatra PDF Denial Of Service Vulnerability
Thread Forum
Sumatra PDF reader 1.4 Released Software
"The User Profile Service service failed the logon. Use BSOD Help and Support
administrative vulnerability System Security
Sumatra PDF Reader 1.1 Software
Regular Expression Denial of Service Attacks..... Security News
Vulnerability in Virtual PC? News
New Reports of a Vulnerability in IIS News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:13 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33