Foxit Reader < Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

A PDF viewer installed on the remote host is affected by multiple

Description :

The version of Foxit Reader installed on the remote Windows host is
prior to It is, therefore, affected by multiple
vulnerabilities :

- A flaw exists in how dynamic-link library (DLL) files
are located and loaded, specifically the files dwmapi.dll,
dwrite.dll, and msdrm.dll. The application uses a fixed
path to search for these files, and the path can include
directories that may not be trusted or under the user's
control. An attacker can exploit this issue, via a
crafted Trojan horse DLL file injected into the search
path, to execute arbitrary code with the privileges of
the application or the user executing the application.

- A boundary error exists in the FoxitReaderOCX ActiveX
control in the OpenFile() method due to improper
sanitization of user-supplied input. An attacker can
exploit this, via an overly long string passed to the
'strFilePath' parameter, to execute arbitrary code.
(VulnDB 74315)

Solution :

Upgrade to Foxit Reader version or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 55671

Bugtraq ID: 48836

CVE ID: CVE-2011-3691
