Foxit Studio Photo < 3.6.6.916 Out-of-Bounds Read Vulnerability

high Nessus Plugin ID 131942

Synopsis

A photo editor application installed on the remote Windows host is affected by an Out-of-Bounds Read vulnerability.

Description

According to its self-reported version, the Foxit Studio Photo application installed on the remote Windows host is affected by an out-of-bounds read error in the preview creation of EPS files due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information or cause the application to stop responding.

Solution

Upgrade to Foxit Studio Photo 3.6.6.916 or later.

See Also

http://www.nessus.org/u?2f244c3e

Plugin Details

Severity: High

ID: 131942

File Name: foxit_studio_photo_3_6_6_916.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 12/11/2019

Updated: 12/11/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Vulnerability Information

CPE: cpe:/a:foxitsoftware:foxit_studio_photo

Required KB Items: SMB/Registry/Enumerated, installed_sw/Foxit Studio Photo

Patch Publication Date: 10/18/2019

Vulnerability Publication Date: 10/18/2019