Soda PDF Professional 1.2.155 PDF/WWF File Handling Restriction of Service (RoS)

Title: Soda PDF Professional 1.2.155 PDF/WWF File Handling Restriction of Service (RoS)
Advisory ID: ZSL-2011-5056
Type: Local/Remote
Impact: RoS
Risk: (1/5)
Release Date: 10.11.2011
Summary
Increase your efficiency with Soda PDF Professional, the smart & simple tool for opening, creating, editing, converting, and securing PDF files in a collaborative environment. Save time by using powerful automated features like batch PDF creation, professional templates & document comparison.
Description
Soda PDF Pro suffers from a restriction of service (RoS) vulnerability when handling files in the PDF or WWF format, which can be exploited by malicious people to cause a denial of service.
Vendor
LULU software - http://www.sodapdf.com
Affected Version
1.2.155.1729 (Professional with OCR)
Tested On
Microsoft Windows XP Professional SP3 (EN)
Vendor Status
N/A
PoC
sodapdf_ros.pl
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
High five to sm!
References
[1] http://packetstormsecurity.org/files/106828
[2] http://www.exploit-db.com/exploits/18106/
[3] http://securityreason.com/exploitalert/10984
[4] http://www.securityfocus.com/bid/50645
[5] http://osvdb.org/show/osvdb/83319
Changelog
[10.11.2011] - Initial release
[11.11.2011] - Added reference [2] and [3]
[15.11.2011] - Added reference [4]
[14.09.2012] - Added reference [5]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk