Foxit Reader < 8.2 Multiple Vulnerabilities

Medium

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 8.2 are affected by the following vulnerabilities:

- An out-of-bounds write flaw exists that is triggered during the handling of a specially crafted JPEG2000 image. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 150026, OSVDB 150029, OSVDB 150035)
- An out-of-bounds read flaw exists that is triggered during the handling of a specially crafted JPEG2000 image. This may allow a context-dependent attacker to disclose potentially sensitive information. (OSVDB 150027, OSVDB 150030, OSVDB 150034)
- A use-after-free error exists that is triggered when handling dialog boxes when closing documents. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 150028)
- An out-of-bounds read flaw exists that is triggered during the handling of a specially crafted font. This may allow a context-dependent attacker to disclose potentially sensitive information. (OSVDB 150031)
- A use-after-free flaw exists that is due to the program failing to properly verify the existence of objects before performing actions when handling 'setInterval'. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 150032)
- An out-of-bounds read flaw exists that is triggered during the handling of a specially crafted JPEG image. This may allow a context-dependent attacker to disclose potentially sensitive information. (OSVDB 150033)
- A flaw exists in ConvertToPDF. The issue is triggered as certain input is not properly validated when handling TIFF files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150036)

Solution

Upgrade Foxit Reader to version 8.2 or later.