Apparent distrust of Adobe PDF Reader has increased the popularity of my preferred alternate PDF application, Sumatra PDF. It appears that the popularity has also attracted additional attention. From Security Focus (http://www.securityfocus.com/bid/41276/discuss):
QuoteSumatra PDF is prone to an unspecified denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition.
Sumatra PDF 1.1 is vulnerable; other versions may also be affected.
From the exploit information at Security Focus (http://downloads.securityfocus.com/vulnerabilities/exploits/41276.py):
Quote
Vulnerability Detection Time : 21st June 2010, 1:13 AM
Tested on version 1.1 of Sumara PDF Reader
Nature : Accidental Discovery
Description : Sumatra PDF Reader crashed while testing recovered PDF
Files from a HardDisk. PDF Files recovered using Forensic
Tools were large in size. DoS code has been optimised to
implement the crash with reduced file-size.
Notes : This source can be modified after analyzing the crash appcompat
files to write shell bind / other payloaded exploits.
Sumatra PDR Reader crashed when PDF Files were already
associated to launch it.
From http://forums.fofou.org/sumatrapdf/topic?id=765321#767321
QuoteThis issue has been fixed already in what will become SumatraPDF 1.2. You can download a prerelease build for verifying this from http://blog.kowalczyk.info/software/sumatrapdf/prerelase.html
and http://forums.fofou.org/sumatrapdf/topic?id=765321#807321
Quote
Calling it an exploit or a denial of service is an exaggeration.
It's a crash, just like any other crash. Some crashes lead to an exploit but most don't and this one hasn't been shown to lead to an exploit.
Thus, we'll treat it as just any other ordinary crash i.e. it got fixed but we won't release an update every time a crash is fixed.