Foxit Reader < 8.3 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 700068
SynopsisThe remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.
DescriptionVersions of Foxit Reader prior to 8.3 are affected by the following vulnerabilities :
- An out-of-bounds write flaw exists that is triggered during the parsing of a specially crafted JPEG2000 image. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 156071)
- An unspecified NULL pointer dereference flaw exists that may allow a context-dependent attacker to cause a crash. No further details have been provided. (OSVDB 156092)
- Use-after-free errors exist that are triggered when handling the 'Annotations.arrowEnd()', 'Field.buttonSetCaption()', 'Field.getItemAt()', 'Field.insertItemAt()', 'Field.setAction()', 'Link.saveAs()', 'addAnnot()', 'exportAsFDF()', 'getAnnot()', 'getURL()', 'importAnXFDF()', 'resetForm()', 'response()', 'scroll()', and 'spawnPageFromTemplate()' methods. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 156091, OSVDB 156243, OSVDB 156247, OSVDB 156248, OSVDB 156249, OSVDB 156250, OSVDB 156251, OSVDB 156252, OSVDB 156253, OSVDB 156254, OSVDB 156255, OSVDB 156256, OSVDB 156257, OSVDB 156258, OSVDB 156259)
- Use-after-free errors exist that are triggered when handling the 'Annotations.lock', 'Annotations.style', and 'Annotations.opacity' properties. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 156244, OSVDB 156245, OSVDB 156246)
SolutionUpgrade Foxit Reader to version 8.3 or later.