Ora Tools PDF Reader Arbitrary File Overwrite Vulnerability Allowing Code Execution

Vulnerability

An arbitrary file overwrite vulnerability has been identified in the Ora Tools PDF Reader 'Reader & Editor' app, version 4.3.5. This vulnerability allows attackers to overwrite critical internal files through the file import process, potentially leading to arbitrary code execution or unauthorized information exposure. The issue arises from inadequate security validation during file imports, enabling malicious apps to exploit directory traversal and access sensitive data stored in the app's internal storage. This extracted data can be written to shared external storage, where it is accessible to other applications on the device.

Impact

Exploitation of this vulnerability could result in arbitrary code execution or unauthorized access to sensitive information, depending on the nature of the overwritten files. In some cases, reading certain credential files could lead to account hijacking.

Reproduction

The vulnerability can be reproduced by using a malicious app that exploits the directory traversal flaw in the PDF Reader app. Once the victim opens the malicious app, it can automatically access sensitive files from the PDF Reader's internal storage and overwrite critical files, leading to code execution or information exposure.
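
A hardened import routine for the directory traversal and overwrite behavior described above, as an added example that is not Ora Tools code and not part of the original advisory. It assumes the import derives its destination file name from a value supplied by the sending app (the advisory does not state the exact mechanism); the class, method and sample names are hypothetical, and plain java.io/java.nio calls stand in for the app's own file handling.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;

// Added example; all names here are hypothetical, not taken from the affected app.
public final class SafeImport {

    // Reduce an untrusted, sender-supplied name to a single path component.
    static String sanitizeName(String untrusted) {
        if (untrusted == null) throw new IllegalArgumentException("missing name");
        String name = untrusted.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..") || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("rejected name: " + untrusted);
        }
        return name;
    }

    // Defense in depth: canonicalize (resolves ".." and symlinks) and confirm containment.
    static File resolveInside(File importDir, String untrustedName) throws IOException {
        File base = importDir.getCanonicalFile();
        File dest = new File(base, sanitizeName(untrustedName)).getCanonicalFile();
        if (!dest.toPath().startsWith(base.toPath())) {
            throw new SecurityException("destination escapes import directory");
        }
        return dest;
    }

    // No REPLACE_EXISTING option: an existing file is never overwritten by an import.
    static File importFile(File importDir, String untrustedName, InputStream in) throws IOException {
        File dest = resolveInside(importDir, untrustedName);
        Files.copy(in, dest.toPath()); // throws FileAlreadyExistsException if dest exists
        return dest;
    }

    public static void main(String[] args) throws IOException {
        File dir = Files.createTempDirectory("imports").toFile(); // stands in for a dedicated import dir
        // Constructed sample names, as a sending app might supply them.
        String[] names = {"report.pdf", "../shared_prefs/settings.xml", "report.pdf", ".."};
        for (String n : names) {
            try (InputStream in = new ByteArrayInputStream(new byte[] {'%', 'P', 'D', 'F'})) {
                System.out.println(n + " -> " + importFile(dir, n, in).getName());
            } catch (IOException | RuntimeException e) {
                System.out.println(n + " -> refused: " + e);
            }
        }
    }
}
```

With these checks the traversal name is stored as `settings.xml` inside the import directory, the repeated `report.pdf` is refused instead of replacing the first copy, and `..` is rejected outright.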

Added: Apr 1, 2026, 3:39 PM
Updated: Apr 1, 2026, 3:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.