The Able2Extract Professional has over 250,000 licensed users across 135 countries, it allows them to view, convert and edit PDF files.
Cisco Talos experts discovered two high-severity memory corruption vulnerabilities that can be exploited to execute arbitrary code on the targeted machine.
“Cisco Talos recently discovered two remote code execution vulnerabilities in Investintech’s Able2Extract Professional. This software is a cross-platform PDF tool for Windows, Mac and Linux that
The vulnerabilities, tracked as CVE-2019-5088 and CVE-2019-5089, can be triggered using specially crafted JPEG or BMP image files. An attacker could trigger an out-of-bounds memory write by tricking users into opening specially crafted image files using Able2Extract Professional.
“An exploitable memory corruption vulnerability exists in
The vulnerabilities affect Able2Extract Professional version 14.0.7 x64.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.