Search
Send enquiry
  • Advisories

Vulnerability in neo42 Sumatra PDF Package

Sumatra PDF is an open-source PDF reader. The vulnerability was found in the installer for this product shipped by neo42 for Matrix 42 Unified Endpoint Management.

Bug
Timeline

Local privilege escalation vulnerability in neo42 Sumatra PDF Package

The installer package used a folder that was writeable by unprivileged users to store executables. An attacker with access to the system could have manipulated these executables to gain SYSTEM privileges.

The vulnerability was acknowledged and fixed by neo42 within 4 weeks. We want to thank neo42 for their exemplary reaction to the vulnerability report.

CVSS Score
7.8

CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Version
neo42 Sumatra PDF Package Version 3.4.6.0

Mitigation
The vulnerability can be resolved by using the newest version of the installer provided by neo42.

Credits
Kolja Grassmann <kolja.grassmann@cirosec.de>

Timeline

2023-10-06

Vulnerability found

2023-10-18

Vendor was contacted and informed about the vulnerability

2023-10-18

Initial response from vendor

2023-11-07

Vendor informs us that the issue was resolved

Do you want to protect your systems? Get in touch with us.

Send Enquiry
Contact Details

Competent IT security consulting, pentests, incident response and training

Ferdinand-Braun-Straße 4
74074 Heilbronn, Germany
Quicklinks
Social Media
Legal
Search
Search