Foxit Reader < 6.1.4 imgseg.dll Path Subversion Arbitrary DLL Injection Code Execution

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

A PDF viewer installed on the remote Windows host is affected by a DLL
loading vulnerability.

Description :

According to its version, the installation of Foxit Reader on the
remote Windows host is potentially affected by a DLL loading
vulnerability that occurs when the program searches for a DLL file in
the current working directory. Attackers could exploit this issue by
placing a specially crafted DLL file and another file associated with
the application in a location controlled by the attacker. When the
associated file is launched, the attacker's arbitrary code can be

See also :

Solution :

Upgrade to Foxit Reader or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 72723 ()

Bugtraq ID: 65697