This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ActivePDF Toolkit. User interaction is required to exploit this vulnerability in that the target must open a malicious file.
The specific flaw exists within the PictView DLL. A specially crafted image file can trigger out-of-bounds writes in the DATA section of the PVW32Cnv.dll. These writes can be used to overwrite parser function pointers, error handling structures, or IAT values. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
Beginning with Toolkit 8.1.0, published January 29, 2018, the PictView DLL is removed from the product. It is strongly recommended that users upgrade to the current version.
Versions of Toolkit prior to 8.1.0:
Delete the PVW32Cnv.dll from the following directories
This vulnerability also affects DocConverter 2015 R5.0 and earlier, and Server 2013 R4.1 and earlier.
Delete the PVW32Cnv.dll from the following directory
After removal of the PictView DLL, the remaining supported image types are:
TIFF, JPEG, PNG, GIF, BMP, PBM, EMF, WMF, PPM, TGA, WBMP, PCX, PGM
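
For hosts that cannot be upgraded yet, the DLL removal described above can be audited and applied with a short script. This is an added example, not vendor-supplied code; the default search root is a placeholder to replace with the product's actual install directories, and the `-SearchRoots` and `-Remove` parameter names are this example's own.

```powershell
# Added example (not vendor code): locate PVW32Cnv.dll and optionally delete it.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: placeholder path; pass the real install directories for this host.
    [string[]]$SearchRoots = @('C:\PLACEHOLDER\ActivePDF'),
    # Without -Remove the script only reports what it finds.
    [switch]$Remove
)

$dllName = 'PVW32Cnv.dll'   # file name taken from the advisory

$found = foreach ($root in $SearchRoots) {
    if (-not (Test-Path -LiteralPath $root -PathType Container)) {
        Write-Warning "Search root not found: $root"
        continue
    }
    # -Force also returns hidden copies; errors on unreadable subfolders are skipped.
    Get-ChildItem -LiteralPath $root -Filter $dllName -File -Recurse -Force -ErrorAction SilentlyContinue
}

foreach ($file in $found) {
    $removed = $false
    # Hash first so there is a record of exactly which build was present.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    if ($Remove -and $PSCmdlet.ShouldProcess($file.FullName, 'Delete PictView DLL')) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -Confirm:$false -ErrorAction Stop
            $removed = $true
        } catch {
            # A common cause is that a running process still has the DLL loaded.
            Write-Warning "Could not delete $($file.FullName): $($_.Exception.Message)"
        }
    }

    # One record per copy found, suitable for piping to Export-Csv.
    [pscustomobject]@{
        Path        = $file.FullName
        FileVersion = $file.VersionInfo.FileVersion
        SHA256      = $hash
        Removed     = $removed
    }
}
```

Run it first without `-Remove` (or with `-Remove -WhatIf`) to list every copy, then with `-Remove` from an elevated session; an empty result on a later run confirms the DLL is gone from the searched directories.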