Foxit Reader JPEG2000 / JBIG Decoder Add-On < 2.0.2009.616 Multiple Vulnerabilities

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

A PDF viewer installed on the remote host is affected by multiple
vulnerabilities.

Description :

The Foxit Reader application installed on the remote Windows host
includes an optional JPEG2000 / JBIG Decoder add-on that is prior to
version 2.0.2009.616. It is, therefore affected by multiple
vulnerabilities :

- A out-of-bounds read error exists in the add-on due to
improper handling of a negative value for the stream
offset in a JPEG2000 (JPX) stream. An unauthenticated,
remote attacker can exploit this, via a crafted PDF
file, to cause a denial of service or to execute
arbitrary code. (CVE-2009-0690)

- A flaw exists in the add-on due to improper handling of
an unspecified fatal error during the decoding of a
JPEG2000 (JPX) header. An unauthenticated, remote
attacker can exploit this, via a crafted PDF file, to
cause a denial of service or to execute arbitrary code.
(CVE-2009-0691)

See also :

https://www.foxitsoftware.com/support/security-bulletins.php
https://www.foxitsoftware.com/company/press.php?id=124

Solution :

Upgrade to Foxit Reader version 3.0 Build 1817 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 39481 (foxit_reader_jbig_2_0_2009_616.nasl)

Bugtraq ID: 35442
35443

CVE ID: CVE-2009-0690
CVE-2009-0691

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now