Foxit Reader < 7.2 Multiple Vulnerabilities
High Nessus Plugin ID 86698
SynopsisA PDF viewer installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe version of Foxit Reader installed on the remote Windows host is prior to 7.2. It is, therefore, affected by multiple vulnerabilities :
- A memory overflow condition exists in the PDF creator plugin (ConvertToPDF_x86.dll) when converting a PNG file to a PDF file due to an error that occurs when copying a memory block. An attacker can exploit this to execute arbitrary code. (BID 76130)
- A memory corruption issue exists when opening certain XFA forms. An attacker can exploit this to generate files that crash the application. (BID 76132)
- A flaw exists in the PDF creaStor plugin (ConvertToPDF_x86.dll) that is triggered when handling 'tEXt' chunks in PNG images. An attacker can exploit this to execute arbitrary code. (VulnDB 125418)
- A heap corruption issue exists when processing malformed color table data in a GIF file. An unauthenticated, remote attacker can exploit this, via a crafted GIF file, to execute arbitrary code. (VulnDB 126400)
- A flaw exists when converting a TIFF file to a PDF file due to reading a VTABLE from an invalid location. An unauthenticated, remote attacker can exploit this, via a crafted TIFF image, to execute arbitrary code.
SolutionUpgrade to Foxit Reader version 126.96.36.1992 or later.