Security Affairs
Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Flaws in Able2Extract Professional tool allow hacking targeted machine with malicious image files

Researchers found serious flaws in Investintech’s Able2Extract Professional tool that could be exploited to execute arbitrary code using specially crafted image files. The Able2Extract Professional has over 250,000 licensed users across 135 countries, it allows them to view, convert and edit PDF files. Cisco Talos experts discovered two high-severity memory corruption vulnerabilities that can be […]

Able2Extract tool

Researchers found serious flaws in Investintech’s Able2Extract Professional tool that could be exploited to execute arbitrary code using specially crafted image files.

The Able2Extract Professional has over 250,000 licensed users across 135 countries, it allows them to view, convert and edit PDF files.

Cisco Talos experts discovered two high-severity memory corruption vulnerabilities that can be exploited to execute arbitrary code on the targeted machine.

“Cisco Talos recently discovered two remote code execution vulnerabilities in Investintech’s Able2Extract Professional. This software is a cross-platform PDF tool for Windows, Mac and Linux that converts PDFs and allows users to create and edit them.” reads the advisory published by Talos. “An attacker could exploit these vulnerabilities to execute arbitrary code on the victim machine.”

The vulnerabilities, tracked as CVE-2019-5088 and CVE-2019-5089, can be triggered using specially crafted JPEG or BMP image files. An attacker could trigger an out-of-bounds memory write by tricking users into opening specially crafted image files using Able2Extract Professional.

“An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine.” reads the advisory for the CVE-2019-5089. “An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file.”

The vulnerabilities affect Able2Extract Professional version 14.0.7 x64.

Talos researchers reported the vulnerabilities to Investintech on August 1 and the company released a version to address them on November 1.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Able2Extract, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]