Issue:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ActivePDF products. User interaction is required to exploit this vulnerability in that the target must open a malicious file.
The specific flaw exists within the PictView DLL. A specially crafted image file can trigger out-of-bounds writes in the DATA section of the PVW32Cnv.dll. These can be used to overwrite parser function pointers , error handling structures , or overwrite IAT values. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
Resolution:
Beginning with
- Toolkit 8.1.0, published January 29, 2018,
- Server 8.1.0, published February 26, 2018
- DocConverter 8.1.0, published March 12, 2018
the PictView DLL is removed from the product and is no longer a threat. It is strongly recommended that users upgrade to the current version.
For previous versions, Delete the PVW32Cnv.dll from the following directories
- Toolkit 2018 R1.0 and earlier
- C:\Program Files\activePDF\Toolkit\bin\x86
- C:\Windows\SysWOW64
- Server 2013 R4.1 and earlier
- C:\Program Files\activePDF\P3\Agents\Server
- DocConverter 2015 R5.0 and earlier
- C:\Program Files\ActivePDF\P3\Agents\DocConverter
Result:
After removal of the PickView DLL, the remaining supported image types are:
TIFF, JPEG, PNG, GIF, BMP, PBM, EMF, WMF, PPM, TGA, WBMP, PCX, PGM