
Researchers found serious flaws in Investintech’s Able2Extract Professional tool that could be exploited to execute arbitrary code using specially crafted image files.
The Able2Extract Professional has over 250,000 licensed users across 135 countries, it allows them to view, convert and edit PDF files.
Cisco Talos experts discovered two high-severity memory corruption vulnerabilities that can be exploited to execute arbitrary code on the targeted machine.
“Cisco Talos recently discovered two remote code execution vulnerabilities in Investintech’s Able2Extract Professional. This software is a cross-platform PDF tool for Windows, Mac and Linux that
The vulnerabilities, tracked as CVE-2019-5088 and CVE-2019-5089, can be triggered using specially crafted JPEG or BMP image files. An attacker could trigger an out-of-bounds memory write by tricking users into opening specially crafted image files using Able2Extract Professional.
“An exploitable memory corruption vulnerability exists in
The vulnerabilities affect Able2Extract Professional version 14.0.7 x64.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]



