Vulnerabilities > CVE-2011-4222 - Unspecified vulnerability in Investintech Able2Extract and Able2Extract Server

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
investintech
critical
nessus
exploit available

Summary

Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.

Vulnerable Configurations

Part Description Count
Application
Investintech
2

Exploit-Db

  • description: Able2Doc and Able2Doc Professional 6.0 - Memory Corruption. CVE-2011-4220, CVE-2011-4221, CVE-2011-4222. DoS exploit for Windows platform
    id: EDB-ID:19393
    last seen: 2016-02-02
    modified: 2012-06-25
    published: 2012-06-25
    reporter: Carlos Mario Penagos Hollmann
    source: https://www.exploit-db.com/download/19393/
    title: Able2Doc and Able2Doc Professional 6.0 - Memory Corruption
  • description: Slimpdf Reader 1.0 Memory Corruption. CVE-2011-4220, CVE-2011-4221, CVE-2011-4222. DoS exploit for Windows platform
    id: EDB-ID:19391
    last seen: 2016-02-02
    modified: 2012-06-25
    published: 2012-06-25
    reporter: Carlos Mario Penagos Hollmann
    source: https://www.exploit-db.com/download/19391/
    title: Slimpdf Reader 1.0 Memory Corruption
  • description: Able2Extract and Able2Extract Server 6.0 - Memory Corruption. CVE-2011-4220, CVE-2011-4221, CVE-2011-4222. DoS exploit for Windows platform
    id: EDB-ID:19392
    last seen: 2016-02-02
    modified: 2012-06-25
    published: 2012-06-25
    reporter: Carlos Mario Penagos Hollmann
    source: https://www.exploit-db.com/download/19392/
    title: Able2Extract and Able2Extract Server 6.0 - Memory Corruption

Nessus

NASL family: Windows
NASL id: INVESTINTECH_ABLE2EXTRACT_7_0_8_22.NASL
description: The remote host has a version of Investintech Able2Extract that is earlier than 7.0.8.22 and is, therefore, affected by multiple, unspecified vulnerabilities. These vulnerabilities could allow an attacker to cause a denial of service condition or execute arbitrary code on the remote host by tricking a victim into opening a specially crafted PDF document.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 62623
published: 2012-10-18
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/62623
title: Investintech Able2Extract < 7.0.8.22 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration phase: when `description` is set, only this metadata block runs
# and the exit(0) at the end returns before any of the check logic below.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(62623);
  script_version("1.5");
  script_cvs_date("Date: 2018/07/12 19:01:17");

  # Advisory cross-references attached to the finding (CVE, Bugtraq, CERT,
  # Exploit-DB) so results can be correlated with other vulnerability feeds.
  script_cve_id("CVE-2011-4222");
  script_bugtraq_id(49923);
  script_xref(name:"CERT", value:"275036");
  script_xref(name:"EDB-ID", value:"19392");

  script_name(english:"Investintech Able2Extract < 7.0.8.22 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Able2Extract");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host has an application installed that is affected by
multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host has a version of Investintech Able2Extract that is
earlier than 7.0.8.22 and is, therefore, affected by multiple, unspecified
vulnerabilities.  These vulnerabilities could allow an attacker to cause
a denial of service condition or execute arbitrary code on the remote
host by tricking a victim into opening a specially crafted PDF
document."
  );
  script_set_attribute(attribute:"solution", value:"Upgrade Able2Extract to version 7.0.8.22 or later.");
  # CVSS v2 base vector: network access vector, medium access complexity, no
  # authentication, complete confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal vector: proof-of-concept exploit code (E:POC), official
  # fix available (RL:OF), report confidence confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Disclosure and patch share the same date; the plugin itself was published
  # roughly a year later.
  script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/18");

  # "local": the verdict is derived from version data already recorded in the
  # knowledge base, not from a probe sent by this script.
  # NOTE(review): presumably that data comes from credentialed SMB collection
  # by the dependency below -- confirm.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:investintech:able2extract");
  script_end_attributes();

  # Information-gathering category: the check logic only reads KB entries and
  # compares version strings.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  # Depend on the install-detection plugin and require the "Installed" KB key
  # it is expected to write.
  script_dependencies('investintech_able2extract_installed.nasl');
  script_require_keys('SMB/Investintech_Able2Extract/Installed');
  
  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');

# Shared state for the check: product label used in messages, the KB prefix
# under which the install-detection plugin records its results, and the first
# fixed version that every install is compared against.
appname = 'Investintech Able2Extract';
kb_base = "SMB/Investintech_Able2Extract/";
fix = '7.0.8.22';

# Accumulators for the two outcomes: one report stanza per vulnerable install,
# and the list of versions that are at or above the fix.
report = '';
not_vuln_ver_list = make_list();

num_installed = get_kb_item_or_exit(kb_base + 'NumInstalls');

# Walk every recorded install (KB entries are numbered from 0).
# NOTE(review): get_kb_item_or_exit() ends the whole plugin if an install lacks
# its Path or Version entry, so stanzas already collected for earlier installs
# would never be reported -- confirm the detection plugin always writes both.
install_num = 0;
while (install_num < num_installed)
{
  install_kb = kb_base + install_num;
  path = get_kb_item_or_exit(install_kb + '/Path');
  ver = get_kb_item_or_exit(install_kb + '/Version');

  # ver_compare() yields -1 only when the installed version sorts below the
  # fix; any other result is treated as not vulnerable.
  if (ver_compare(ver:ver, fix:fix) != -1)
    not_vuln_ver_list = make_list(not_vuln_ver_list, ver);
  else
    report +=
      '\n  Path              : ' + path +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : ' + fix + '\n';

  install_num++;
}

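# Render the unaffected versions as readable text ("A", "A and B",
# "A, B and C") for the audit message shown when nothing is vulnerable.
versions_not_vuln = '';
not_vuln_count = max_index(not_vuln_ver_list);
for (i = 0; i < not_vuln_count; i++)
{
  # Take the entry from the list. Reading `ver` here would repeat the version
  # of the last install examined by the loop above, which may even be a
  # vulnerable one, once per list entry.
  versions_not_vuln += not_vuln_ver_list[i];

  # Separator rules: ' and ' before the final entry, ', ' between earlier
  # entries, nothing after the final entry (so no trailing ', ').
  if (i + 2 == not_vuln_count)
    versions_not_vuln += ' and ';
  else if (i + 2 < not_vuln_count)
    versions_not_vuln += ', ';
}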

# No vulnerable install was found: leave an audit-trail message naming the
# version(s) seen and exit without raising a finding.
if (report == '')
{
  if (max_index(not_vuln_ver_list) > 1)
    msg = appname + ' versions ' + versions_not_vuln + ' are installed and not affected.';
  else
    msg = appname + ' version ' + versions_not_vuln + ' is installed and not affected.';
  exit(0, msg);
}

# At least one install is below the fixed version: raise the finding on the
# SMB transport port, attaching the per-install details only when the scan's
# report verbosity allows it.
# NOTE(review): 'SMB/transport' is read without a fallback; if the key is
# absent the finding is attached to a NULL port -- confirm the dependency
# always sets it.
port = get_kb_item('SMB/transport');
if (report_verbosity > 0)
  security_hole(port:port, extra:report);
else
  security_hole(port);
exit(0);

Packetstorm

data source: https://packetstormsecurity.com/files/download/114155/able2extractserver-corrupt.txt
id: PACKETSTORM:114155
last seen: 2016-12-05
published: 2012-06-25
reporter: Carlos Mario Penagos Hollmann
source: https://packetstormsecurity.com/files/114155/Able2Extract-6.0-Memory-Corruption.html
title: Able2Extract 6.0 Memory Corruption

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:73325
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-73325
title: Able2Extract and Able2Extract Server 6.0 - Memory Corruption