Sumatra PDF Denial Of Service Vulnerability


  1. Corrine
    Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       New #1

    Sumatra PDF Denial Of Service Vulnerability


    Apparent distrust of Adobe PDF Reader has increased the popularity of my preferred alternate PDF application, Sumatra PDF. It appears that the popularity has also attracted additional attention. From Security Focus:

    Sumatra PDF is prone to an unspecified denial-of-service vulnerability.

    An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition.

    Sumatra PDF 1.1 is vulnerable; other versions may also be affected.
    From the exploit information at Security Focus:

    Vulnerability Detection Time : 21st June 2010, 1:13 AM
    Tested on version 1.1 of Sumara PDF Reader
    Nature : Accidental Discovery
    Description : Sumatra PDF Reader crashed while testing recovered PDF
    Files from a HardDisk. PDF Files recovered using Forensic
    Tools were large in size. DoS code has been optimised to
    implement the crash with reduced file-size.

    Notes : This source can be modified after analyzing the crash appcompat
    files to write shell bind / other payloaded exploits.
    Sumatra PDR Reader crashed when PDF Files were already
    associated to launch it.
      My Computer
    Quote Quote

  3. hackerman1
    Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       New #2

    THANKS !

    perhaps it´s time to try another PDF-reader...
      My Computer
    Quote Quote

  4. A Guy
    Posts : 53,364
    Windows 10 Home x64
       New #3

    hackerman1 said:
    THANKS !

    perhaps it´s time to try another PDF-reader...
    I'd doubt this vulnerability would have much effect on the casual user. Unless you d/l pdf files from unknown sites, the likelihood of someone wanted to do a DDOS on you are slim. Suppose you switch to Nuance, and they have a vulnerability next, lol. I'd be more worried on a vulnerability that allowed someone to take over my machine remotely...and even then the threat would appear to be low. A Guy
      My Computer
    Quote Quote

  6. smarteyeball
    Posts : 12,364
    8 Pro x64
       New #4

    I agree it's a slim chance you'd be affected - but still... it's a PITA they'd even bother. Seriously, find something better to do guys.

    Like program a girlfriend that tells how 'leet' you are or something...

    Thanks for the heads up Corrine.
      My Computer
    Quote Quote

  7. Corrine
    Posts : 2,303
    Windows 7 & Windows Vista Ultimate
    Thread Starter
       New #5

    From Sumatra PDF Viewer forum

    This issue has been fixed already in what will become SumatraPDF 1.2. You can download a prerelease build for verifying this from http://blog.kowalczyk.info/software/...prerelase.html
    and Sumatra PDF Viewer forum

    Calling it an exploit or a denial of service is an exaggeration.

    It's a crash, just like any other crash. Some crashes lead to an exploit but most don't and this one hasn't been shown to lead to an exploit.

    Thus, we'll treat it as just any other ordinary crash i.e. it got fixed but we won't release an update every time a crash is fixed.
      My Computer
    Quote Quote

  8. hackerman1
    Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       New #6

    Thanks !

    good news.
      My Computer
    Quote Quote

 

Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 17:59.
Find Us