CVE-2011-4221

Investintech.com Able2Doc/Able2Doc Pro - DoS/Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-4221.

AI-analyzed exploit summary This exploit generates a malformed PDF file with a large buffer overflow payload followed by a 'startxref' string, targeting a vulnerability in SlimPDF Reader 1.0. The PoC demonstrates a DoS condition by crashing the application when the file is opened.

Description

Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.

Exploits (3)

exploitdb WORKING POC
pythondoswindows
https://www.exploit-db.com/exploits/19391

This exploit generates a malformed PDF file with a large buffer overflow payload followed by a 'startxref' string, targeting a vulnerability in SlimPDF Reader 1.0. The PoC demonstrates a DoS condition by crashing the application when the file is opened.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: SlimPDF Reader 1.0
No auth needed
Prerequisites: SlimPDF Reader 1.0 installed on the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
pythondoswindows
https://www.exploit-db.com/exploits/19392

This exploit generates a malformed PDF file with an oversized buffer (12000 'A' characters) followed by a 'startxref' string, designed to trigger a memory corruption vulnerability in Able2Extract and Able2Extract Server v6.0. The PoC creates a file that, when opened, may cause a crash or arbitrary code execution due to improper handling of the PDF structure.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: Able2Extract and Able2Extract Server v6.0
No auth needed
Prerequisites: Ability to deliver the malicious PDF file to the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
pythondoswindows
https://www.exploit-db.com/exploits/19393

This exploit generates a malformed PDF file with an oversized buffer (13000 'B' characters) followed by a 'startxref' string, triggering a memory corruption vulnerability in Able2Doc and Able2Doc Professional v6.0. The PoC is designed to cause a crash, demonstrating the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Able2Doc and Able2Doc Professional v6.0
No auth needed
Prerequisites: Victim must open the malformed PDF file
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71096
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/275036

Scores

EPSS 0.0748
EPSS Percentile 93.7%

Details

Status published
Products (1)
investintech/able2doc (2 CPE variants)
Published Nov 01, 2011
Tracked Since Feb 18, 2026