Foxit Reader < 5.0.2.0718 Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

A PDF viewer installed on the remote host is affected by multiple
vulnerabilities.

Description :

The version of Foxit Reader installed on the remote Windows host is
prior to 5.0.2.0718. It is, therefore, affected by multiple
vulnerabilities :

- A flaw exists in how dynamic-link library (DLL) files
are located and loaded, specifically files dwmapi.dll,
dwrite.dll, and msdrm.dll. The application uses a fixed
path to search for these files, and the path can include
directories that may not be trusted or under the user's
control. An attacker can exploit this issue, via a
crafted Trojan horse DLL file injected into the search
path, to execute arbitrary code with the privileges of
the application or the user executing the application.
(CVE-2011-3691)

- A boundary error exists in the FoxitReaderOCX ActiveX
control in the OpenFile() method due to improper
sanitization of user-supplied input. An attacker can
exploit this, via an overly long string passed to the
'strFilePath' parameter, to execute arbitrary code.
(VulnDB 74315)

See also :

http://secunia.com/secunia_research/2011-55/
http://www.nessus.org/u?8ffc67b9
http://seclists.org/bugtraq/2011/Jul/139
https://www.foxitsoftware.com/support/security-bulletins.php
https://www.foxitsoftware.com/company/press.php?id=224

Solution :

Upgrade to Foxit Reader version 5.0.2.0718 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 55671 ()

Bugtraq ID: 48836

CVE ID: CVE-2011-3691

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now