Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Foxit Reader < 7.3.0 Multiple Vulnerabilities

High

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 7.3.0 are affected by the following vulnerbilities :

- A use-after-free error exists that is triggered when parsing fonts. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 133452) - A use-after-free error exists that is triggered when handling the 'global.setPersistent()' method. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 133453) - A use-after-free error exists that is triggered when handling the 'WillClose' action. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 133454) - A user-after-free condition exists that is triggered when handling PDF files containing images. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 133455) - An integer overflow condition exists that is triggered when handling XFA 'FormCalc replace'. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 133456) - An out-of-bounds access flaw exists that is triggered when handling JBIG2 content. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 133457) - An unspecified flaw exists that is triggered when parsing PDF files with malformed images. This may allow a context-dependent attacker to crash the program. (OSVDB 133458) - An overflow condition exists in 'ConvertToPDF_x86.dll' that is triggered when converting BMP images. With a specially crafted image, a context-dependent attacker can cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 133459) - A use-after-free error exists related to improper use of the Gdiplus API. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 133460) - A flaw exists that is triggered when loading certain dynamic-link libraries including 'xpsp2res.dll' or 'phoneinfo.dll'. The program uses an insecure path to look for specific files or libraries that includes the current working directory, which may not be trusted or under user control. By placing a specially crafted library in the path and tricking a user into opening an unspecified file e.g. located on a remote WebDAV share, a context-dependent attacker can inject and execute arbitrary code with the privilege of the user running the program. (OSVDB 133461)

Solution

Upgrade Foxit Reader to version 7.3.0 or later.