PDFill Insecure Library Loading

Solutionary ID: SERT-VDN-1008

Risk Rating: Low

CVE ID: CVE-2011-3690

Product: PDFill PDF Editor 8.0

Application Vendor: PlotSoft

Vendor URL: http://www.plotsoft.com

Date discovered: 4/25/2011

Discovered by: Jose Hernandez and the Solutionary Engineering Research Team (SERT)

Vendor notification date: 4/26/2011

Vendor response date: No Response

Vendor acknowledgment date: No Response

Public disclosure date: 6/9/2011

Type of vulnerability: Insecure Library Loading

Exploit Vectors: Local and Remote

Vulnerability Description: PDFill is vulnerable to an Insecure Library Loading vulnerability. The libraries identified as being vulnerable are mfc70enu.dll and mfc80loc.dll. The vulnerability lies in the way Microsoft Windows loads DLLs. If an application loads a library by name without specifying a fully qualified path, Microsoft Windows searches several default paths to find and load the library. An attacker can create a malicious DLL with the same name and place it in a directory that Microsoft Windows searches by default. The application will then load the malicious DLL, resulting in arbitrary code execution.

Tested on: Windows XP SP3

Affected software versions: 8.0

Fixed in: No fix provided.

Remediation guidelines: Restrict access to the application to trusted networks and enforce strict restrictions for access to the application libraries. Monitor the vendor's patch releases and apply security patches as they become available to address the issue identified.
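
The search behaviour in the vulnerability description can be modelled to audit where the two named DLLs would resolve from. This is an added example, not code from Solutionary or PlotSoft. It models the standard Windows desktop DLL search order, and the install directory, current directory and file list are constructed placeholders.

```python
import ntpath  # Windows path rules, usable on any OS

ADVISORY_DLLS = ("mfc70enu.dll", "mfc80loc.dll")  # names from this advisory

def system_dirs(windir):
    return [ntpath.join(windir, "System32"), ntpath.join(windir, "System"), windir]

def search_order(app_dir, cwd, path_dirs=(), windir=r"C:\Windows", safe_mode=True):
    """Directories searched for a DLL requested by bare name. KnownDLLs and
    already-loaded modules, which Windows checks first, are not modelled."""
    if safe_mode:  # SafeDllSearchMode on (default since Windows XP SP2)
        order = [app_dir] + system_dirs(windir) + [cwd]
    else:          # off: current directory is searched before the system dirs
        order = [app_dir, cwd] + system_dirs(windir)
    return order + list(path_dirs)

def resolve(dll, files, order):
    """Return the first directory in `order` holding `dll`, or None."""
    present = {ntpath.normcase(f) for f in files}
    for directory in order:
        if ntpath.normcase(ntpath.join(directory, dll)) in present:
            return directory
    return None

def untrusted_loads(files, app_dir, cwd, path_dirs=(), windir=r"C:\Windows",
                    safe_mode=True):
    """List (dll, directory) pairs where an advisory DLL would resolve
    outside the application and Windows directories."""
    order = search_order(app_dir, cwd, path_dirs, windir, safe_mode)
    trusted = {ntpath.normcase(d) for d in [app_dir] + system_dirs(windir)}
    findings = []
    for dll in ADVISORY_DLLS:
        hit = resolve(dll, files, order)
        if hit is not None and ntpath.normcase(hit) not in trusted:
            findings.append((dll, hit))
    return findings

# Constructed sample data (not from the advisory).
APP_DIR = r"C:\Program Files\ExampleApp"  # placeholder install directory
CWD = r"D:\Incoming"                      # placeholder current directory
SAMPLE_FILES = [
    APP_DIR + r"\ExampleApp.exe",
    CWD + r"\mfc80loc.dll",
    CWD + r"\report.pdf",
]

if __name__ == "__main__":
    for dll, directory in untrusted_loads(SAMPLE_FILES, APP_DIR, CWD):
        print(f"{dll} would be loaded from untrusted directory {directory}")
```

A finding means the named DLL is absent from every trusted directory ahead of it in the search order, so a copy elsewhere on the search path is what the process would load.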