CVE-2012-4914
Description
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Cool PDF Reader 3.0.2.256 - Buffer Overflow
# Exploit Title: Cool PDF Reader 3.0.2.256 buffer overflow
# Vulnerability Disclosed to US-CERT by Chris Gabriel: 11-20-2012
# Emailed vendor: 12-4-2012
# Francis Provencher discovered vulnerability and reported to Secunia: 12-19-2012
# Vulnerability Discovery: Francis Provencher (Protek Research Lab's) @ProtekResearch
# Vulnerability Discovery: Chris Gabriel
# Exploit Author: Chris Gabriel
# Vendor Homepage: http://www.pdf2exe.com/reader.html
# Version: CoolPDF 3.0.2.256
# Tested on: Windows XP SP3
# CVE: CVE-2012-4914
# Reference: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70
# Reference: http://secunia.com/advisories/51602
PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24463.pyCool PDF Image Stream - Remote Buffer Overflow (Metasploit)
Metasploit modules
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| coolpdf | coolpdf | 3.0.2.256 | |
References
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.