Foxit Advanced PDF Editor 3.x < 3.0.4.0 Security Cookie Stack-based Buffer Overflow

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a buffer
overflow vulnerability.

Description :

The version of Foxit Advanced PDF Editor is 3.x prior to 3.0.4.0. As
such, it is affected by a stack-based buffer overflow vulnerability
triggered when a document reconstructs the security cookie.

An attacker could exploit this issue by tricking a user into opening a
specially crafted document, resulting in arbitrary code execution.

See also :

http://www.foxitsoftware.com/support/security_bulletins.php#FPAE-1

Solution :

Upgrade to Foxit Advanced PDF Editor 3.0.4.0 or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 65614 ()

Bugtraq ID: 57558

CVE ID: CVE-2013-0107

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now