The vulnerabilities in SumatraPDF are caused due to boundary errors within the "pdf_loadtype4shade()", "pdf_loadtype5shade()", "pdf_loadtype6shade()", and "pdf_loadtype7shade()" functions. This can be exploited to cause stack-based buffer overflows. The module will send an e-mail with an attached .PDF file. This file will deploy an agent when opened by the user. Additionally, the module will allow users to download the malformed zipped .PDF file from Core Impact's Web Server.
CVE Link
Exploit Platform
Exploit Type
Product Name