
Foxit Reader < 8.0.2 Multiple Vulnerabilities

High

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 8.0.2 are affected by the following vulnerabilities:

- An out-of-bounds access flaw is triggered during the handling of 'JPXDecode' streams. This may allow a context-dependent attacker to disclose memory or potentially execute arbitrary code. (OSVDB 142700)
- A flaw is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 142701)
- An out-of-bounds read flaw exists in the 'ConvertToPDF' plugin that is triggered during the handling of a specially crafted BMP image. This may allow a context-dependent attacker to disclose memory. (OSVDB 142702)
- An unspecified DLL hijacking flaw may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided. (OSVDB 142703)
- A flaw is triggered as certain input is not properly validated when handling JPEG2000 images. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 142704)
- An out-of-bounds access flaw is triggered during the handling of a specially crafted JPEG2000 image. This may allow a context-dependent attacker to disclose memory or potentially execute arbitrary code. (OSVDB 142705)
- An out-of-bounds access flaw in the 'ConvertToPDF' plugin is triggered during the handling of a specially crafted TIFF image. This may allow a context-dependent attacker to disclose memory or potentially execute arbitrary code. (OSVDB 142706)
- A use-after-free error is triggered when handling 'FlateDecode' streams. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 142707)

Solution

Upgrade Foxit Reader to version 8.0.2 or later.