From securityweek.com
Serious vulnerabilities found by researchers in Investintech’s Able2Extract Professional tool can be exploited by hackers to execute arbitrary code using specially crafted image files.
According to Investintech, Able2Extract Professional has over 250,000 licensed users across 135 countries, including in 90% of Fortune 100 companies. The cross-platform tool allows users to view, convert and edit PDF files.
Researchers at Cisco Talos discovered that Able2Extract Professional is affected by two high-severity memory corruption vulnerabilities that can be leveraged to execute arbitrary code on the targeted machine.