CVE-2011-4222

Investintech.com Able2Extract - DoS/Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-4222. PoCs published by Carlos Mario Penagos Hollmann.

AI-analyzed exploit summary This exploit generates a malformed PDF file with a large buffer overflow payload followed by a 'startxref' string, targeting a vulnerability in Investintech's software. The PoC is designed to crash the application, demonstrating a denial-of-service condition.

Description

Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Carlos Mario Penagos Hollmann · pythondoswindows
https://www.exploit-db.com/exploits/19391

This exploit generates a malformed PDF file with a large buffer overflow payload followed by a 'startxref' string, targeting a vulnerability in Investintech's software. The PoC is designed to crash the application, demonstrating a denial-of-service condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Investintech software (version 1.0)
No auth needed
Prerequisites: None
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Carlos Mario Penagos Hollmann · pythondoswindows
https://www.exploit-db.com/exploits/19392

This exploit generates a malformed PDF file with a large buffer overflow payload followed by a 'startxref' string, targeting a memory corruption vulnerability in Able2Extract and Able2Extract Server v6.0. The PoC is designed to trigger a crash or potential code execution when the file is processed.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Able2Extract and Able2Extract Server v6.0
No auth needed
Prerequisites: Ability to deliver the malicious PDF file to the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Carlos Mario Penagos Hollmann · pythondoswindows
https://www.exploit-db.com/exploits/19393

This exploit generates a malformed PDF file with a large buffer overflow payload followed by a 'startxref' string, targeting a memory corruption vulnerability in Able2Doc and Able2Doc Professional v6.0. The PoC is designed to trigger a crash or potential arbitrary code execution when the victim opens the crafted PDF.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Able2Doc and Able2Doc Professional v6.0
No auth needed
Prerequisites: Victim must open the crafted PDF file
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71095
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/275036

Scores

EPSS 0.0748
EPSS Percentile 93.7%

Details

Status published
Products (2)
investintech/able2extract
investintech/able2extract_server
Published Nov 01, 2011
Tracked Since Feb 18, 2026