Detections
Analytics

Foxit Phantom < 2.2.0.926 Multiple Vulnerabilities

high Nessus Plugin ID 49808

Language:

Synopsis

A PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities.

Description

According to its version, the remote installation of Foxit Phantom on the Windows host is affected by multiple vulnerabilities :

 - A buffer overflow vulnerability can be triggered when handling a specially crafted PDF document with an overly long title.

 - An identity theft flaw exists relating to the way digital signatures are handled.

Solution

Upgrade to Foxit Phantom 2.2.0.926 or later.

See Also

https://www.foxitsoftware.com/pdf-editor/

http://pdfsig-collision.florz.de/

Plugin Details

Severity: High

ID: 49808

File Name: foxit_phantom_2_2_0_926.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 10/8/2010

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:foxitsoftware:phantom

Required KB Items: installed_sw/FoxitPhantomPDF

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/29/2010

Vulnerability Publication Date: 8/18/2010

Exploitable With

Metasploit (Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow)

Reference Information

BID: 43785

Secunia: 41673