Foxit Reader < 6.1.4 imgseg.dll Path Subversion Arbitrary DLL Injection Code Execution

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

A PDF viewer installed on the remote Windows host is affected by a DLL
loading vulnerability.

Description :

According to its version, the installation of Foxit Reader on the
remote Windows host is potentially affected by a DLL loading
vulnerability that occurs when the program searches for a DLL file in
the current working directory. Attackers could exploit this issue by
placing a specially crafted DLL file and another file associated with
the application in a location controlled by the attacker. When the
associated file is launched, the attacker's arbitrary code can be
executed.

See also :

http://www.foxitsoftware.com/support/security_bulletins.php#FRD-19

Solution :

Upgrade to Foxit Reader 6.1.4.0217 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 72723 ()

Bugtraq ID: 65697

CVE ID: