Flaws in Able2Extract Professional let hackers target systems with malicious image files


Able2Extract Professional, a cross-platform PDF tool for Windows, Mac and Linux, has more than 250,000 licensed users across 135 countries. It lets users view, convert and edit PDF files.

Security experts at Cisco Talos discovered two high-severity memory corruption vulnerabilities that could be exploited to execute arbitrary code on the targeted machine.

The vulnerabilities, tracked as CVE-2019-5088 and CVE-2019-5089, can be triggered using specially crafted JPEG or BMP image files. An attacker could trigger an out-of-bounds memory write by tricking a user into opening such a file in Able2Extract Professional.

The vulnerabilities affect Able2Extract Professional version 14.0.7 x64.

Talos researchers reported the vulnerabilities to Investintech on August 1, and a new version was released on November 1 to address the issues.

The researchers have made the technical details of both vulnerabilities available. Security flaws of this kind could be useful to attackers because Able2Extract Professional has a large user base.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
