Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Foxit Reader < 7.1 Multiple Vulnerabilities

High

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple memory corruption attack vectors.

Description

Versions of Foxit Reader client software prior to 7.1 are affected by the following vulnerbilities :

- A flaw exists that is triggered as user-supplied input is not properly validated when converting a GIF file with an invalid value in LZWMinimumCodeSize. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 119302) - A flaw exists that is triggered as user-supplied input is not properly validated when converting a GIF file with an invalid value in Ubyte Size in its DataSubBlock structure. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 119303)

Solution

Upgrade Foxit Reader to version 7.1 or later.