[Full-disclosure] Perfect PDF products distributed with vulnerable MSVC++ libraries



Hi @ll,

soft Xpansion <www.soft-xpansion.com> distributes their (freeware)
products "Perfect PDF 7 Master" and "Perfect PDF 7 Reader" (the
current files are dated 2011-05-10) with OUTDATED and VULNERABLE
Visual C++ 2008 runtime libraries VCRedist_x86.exe/VCRedist_x64.exe
version 9.0.30729.17 of 2008-08-08.

These libraries have been updated since then at least twice due to
vulnerabilities, see
<http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx>
and
<http://www.microsoft.com/technet/security/bulletin/MS11-025.mspx>


Timeline:

2011-05-13 vendor informed via mail

(no reply)

2011-06-19 vulnerability report published


Stefan Kanthak

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
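
Added example (not part of the original post, and not vendor or Microsoft code): one way to audit which file version a bundled VCRedist_x86.exe/VCRedist_x64.exe carries, by reading the VS_FIXEDFILEINFO structure from the file's bytes. The minimum version is an assumption the caller takes from the relevant bulletin; the helper make_sample, its sample bytes and the value 9.0.30729.9999 are constructed for illustration.

```python
import struct
import sys

FFI_SIGNATURE = 0xFEEF04BD      # VS_FIXEDFILEINFO.dwSignature
FFI_STRUC_VERSION = 0x00010000  # VS_FIXEDFILEINFO.dwStrucVersion (1.0)
_SIG_BYTES = struct.pack("<I", FFI_SIGNATURE)


def parse_version(text):
    """'9.0.30729.17' -> (9, 0, 30729, 17)"""
    parts = tuple(int(p) for p in text.split("."))
    if len(parts) != 4 or not all(0 <= p <= 0xFFFF for p in parts):
        raise ValueError("expected four 16-bit fields: %r" % text)
    return parts


def file_version(data):
    """Return dwFileVersion from the first valid VS_FIXEDFILEINFO, or None."""
    pos = data.find(_SIG_BYTES)
    while pos != -1:
        if pos + 16 <= len(data):
            _sig, struc, ms, ls = struct.unpack_from("<4I", data, pos)
            if struc == FFI_STRUC_VERSION:  # rejects chance signature matches
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = data.find(_SIG_BYTES, pos + 1)
    return None


def is_outdated(data, minimum):
    """True if the version is below `minimum` or cannot be read at all
    (an unreadable file is flagged for manual review, not passed)."""
    found = file_version(data)
    return found is None or found < parse_version(minimum)


def make_sample(version):
    """Constructed stand-in for an executable: padding plus a version header."""
    a, b, c, d = parse_version(version)
    ffi = struct.pack("<4I", FFI_SIGNATURE, FFI_STRUC_VERSION,
                      (a << 16) | b, (c << 16) | d)
    return b"MZ" + b"\x00" * 62 + ffi + b"\x00" * 36


if __name__ == "__main__":
    # usage: python <this file> MINIMUM_VERSION FILE [FILE ...]
    for path in sys.argv[2:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        state = "OUTDATED" if is_outdated(blob, sys.argv[1]) else "ok"
        print(path, file_version(blob), state)
```

This reads the version of the redistributable installer file itself, the value the post quotes; the runtime DLLs it installs have to be checked separately on the target system.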


