Foxit Reader < 7.2 Multiple Vulnerabilities

high Nessus Plugin ID 86698

Synopsis

A PDF viewer installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Foxit Reader installed on the remote Windows host is prior to 7.2. It is, therefore, affected by multiple vulnerabilities :

- A memory overflow condition exists in the PDF creator plugin (ConvertToPDF_x86.dll) when converting a PNG file to a PDF file due to an error that occurs when copying a memory block. An attacker can exploit this to execute arbitrary code. (BID 76130)

- A memory corruption issue exists when opening certain XFA forms. An attacker can exploit this to generate files that crash the application. (BID 76132)

- A flaw exists in the PDF creaStor plugin (ConvertToPDF_x86.dll) that is triggered when handling 'tEXt' chunks in PNG images. An attacker can exploit this to execute arbitrary code.

- A heap corruption issue exists when processing malformed color table data in a GIF file. An unauthenticated, remote attacker can exploit this, via a crafted GIF file, to execute arbitrary code.

- A flaw exists when converting a TIFF file to a PDF file due to reading a VTABLE from an invalid location. An unauthenticated, remote attacker can exploit this, via a crafted TIFF image, to execute arbitrary code.

Solution

Upgrade to Foxit Reader version 7.2.0.722 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-15-393/

https://www.zerodayinitiative.com/advisories/ZDI-15-395/

https://www.foxitsoftware.com/support/security-bulletins.php

Plugin Details

Severity: High

ID: 86698

File Name: foxit_reader_7_2_0_0722.nasl

Version: 1.11

Type: local

Agent: windows

Family: Windows

Published: 11/2/2015

Updated: 1/2/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:foxitsoftware:foxit_reader

Required KB Items: installed_sw/Foxit Reader

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/29/2015

Vulnerability Publication Date: 7/27/2015

Reference Information

BID: 76130, 76132, 76391