Solutionary ID: SERT-VDN-1008
Risk Rating: Low
CVE ID: CVE-2011-3690
Product: PDFill PDF Editor 8.0
Application Vendor: PlotSoft
Vendor URL: http://www.plotsoft.com
Date discovered: 4/25/2011
Discovered by: Jose Hernandez and the Solutionary Engineering Research Team (SERT)
Vendor notification date: 4/26/2011
Vendor response date: No Response
Vendor acknowledgment date: No Response
Public disclosure date: 6/9/2011
Type of vulnerability: Insecure Library Loading
Exploit Vectors: Local and Remote
Vulnerability Description: PDFill is vulnerable to a Insecure Library Loading vulnerability. The libraries identified as being vulnerable are mfc70enu.dll and mfc80loc.dll. The vulnerability lies in the way Microsoft Windows loads DLLs. If applications load a library from a specific path and call that path implicitly, Microsoft Windows searches several default paths to find and load the library. A malicious attacker can create a malicious DLL with the same name and place it in a directory where Microsoft Windows searches by default. The application will load the malicious DLL resulting in arbitrary code execution.
Tested on: Windows XP SP3
Affected software versions: 8.0
Fixed in: No fix provided.
Remediation guidelines: Restrict access to the application to trusted networks and enforce strict restrictions for access to the application libraries. Monitor the vendors patch releases and apply security patches as they become available to address the issue identified.