Issue:


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ActivePDF products. User interaction is required to exploit this vulnerability in that the target must open a malicious file.


The specific flaw exists within the PictView DLL. A specially crafted image file can trigger out-of-bounds writes in the DATA section of the PVW32Cnv.dll. These can be used to overwrite parser function pointers , error handling structures , or overwrite IAT values. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.


Resolution:

Beginning with

  • Toolkit 8.1.0, published January 29, 2018,
  • Server 8.1.0, published February 26, 2018
  • DocConverter 8.1.0, published March 12, 2018

the PictView DLL is removed from the product and is no longer a threat. It is strongly recommended that users upgrade to the current version
 

 For previous versions, Delete the PVW32Cnv.dll from the following directories

  • Toolkit 2018 R1.0 and earlier
    1. C:\Program Files\activePDF\Toolkit\bin\x86
    2. C:\Windows\SysWOW64
  • Server 2013 R4.1 and earlier
    1. C:\Program Files\activePDF\P3\Agents\Server 
  • DocConverter 2015 R5.0 and earlier 
    1. C:\Program Files\ActivePDF\P3\Agents\DocConverter


Result:

After removal of the PickView DLL, the remaining supported image types are:

TIFF, JPEG, PNG, GIF, BMP, PBM, EMF, WMF, PPM, TGA, WBMP, PCX, PGM