BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Sumatra PDF Integer Overflow

Disclosed December 9, 2012    Fully Patched

Vulnerability Description:

MuPDF library, within Sumatra, is vulnerable to an integer overflow. Attackers can exploit this to run arbitrary code within the context of the current user.

Vendors:

SumatraPDF (Krzysztof Kowalczyk)

Vulnerable Software/Devices:

  • MuPDF 1.0
  • MuPDF for iOS 1.1
  • Sumatra 2.1.1

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Remote Code Execution
Attackers that exploit this vulnerability would be able to execute arbitrary code within the context of Sumatra.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 17875 - SumatraPDF Integer Overflow (Zero-Day)

Mitigation:

No mitigation is available.

Links:

CVE(s):