Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption

Today, Talos is disclosing a vulnerability that has been identified in Iceni Infix PDF Editor that could lead to arbitrary code execution on affected hosts. This vulnerability manifests in a way that could be exploited if a user opens a specifically crafted PDF file that triggers this flaw. Talos has coordinated with Iceni to ensure relevant details regarding the vulnerability have been shared. Iceni has developed a software update that addresses this vulnerability. In addition, Talos has developed Snort Rules that can detect attempts to exploit this flaw.

Vulnerability Details

TALOS-2017-0367 was identified by Piotr Bania of Talos.

TALOS-2017-0367 (CVE-2017-2863) is memory corruption vulnerability in Iceni Infix that could be leveraged to achieve arbitrary code execution on the affected device. TALOS-2017-0367 manifests as a out of bound write flaw in the PDF parsing functionality. Exploitation is possible if a user were to open a specifically crafted PDF file that targets this vulnerability. The most likely form of attack this could be exploited would be in a social engineering scenario where a user receives an email containing a malicious PDF that exploits this vulnerability.

For more technical details, please read our advisory here.

Coverage

Talos has developed the following Snort rules to detect attempts to exploit this vulnerability. Note that these rules are subject to change pending additional vulnerability information. For the most current information, please visit your Firepower Management Center or Snort.org.

Snort Rules: 43212-43213

For other vulnerabilities Talos has disclosed, please refer to our Vulnerability Report Portal: http://www.talosintelligence.com/vulnerability-reports/

To review our Vulnerability Disclosure Policy, please visit this site:
http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html