Foxit Reader < 7.3.4 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9468

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 7.3.4 are affected by the following vulnerabilities:

- A use-after-free error exists that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 136000)
- A use-after-free condition exists that is triggered when handling FlateDecode streams. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 136001)
- A use-after-free condition exists that is triggered when handling object revision numbers. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 136002)
- An out-of-bounds read flaw exists that is triggered when decoding GIF images during PDF conversion. This may allow a context-dependent attacker to potentially disclose sensitive memory contents. (OSVDB 136003)
- A use-after-free condition exists that is triggered during the handling of XFA re-layouts. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 136004)
- A use-after-free condition exists related to the TimeOut function. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 136005)
- A use-after-free condition exists that is triggered when handling JavaScript API calls while closing a document. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 136006)
- A flaw exists that is triggered during the parsing of content streams. This may allow a context-dependent attacker to crash the process. (OSVDB 136007)
- A flaw exists that is triggered when recursively triggering PDF format errors. This may allow a context-dependent attacker to cause the application to stop responding. (OSVDB 136008)
- An out-of-bounds read flaw exists that is triggered when decoding JPEG images during PDF conversion. This may allow a context-dependent attacker to potentially disclose sensitive memory contents. (OSVDB 136251)
- An out-of-bounds read flaw exists that is triggered when decoding BMP images during PDF conversion. This may allow a context-dependent attacker to potentially disclose sensitive memory contents. (OSVDB 136252)

Solution

Upgrade Foxit Reader to version 7.3.4 or later.

See Also

https://www.foxitsoftware.com/support/security-bulletins.php#content-2016

Plugin Details

Severity: High

ID: 9468

File Name: 9468.prm

Family: CGI

Published: 2016/08/05

Modified: 2016/11/23

Dependencies: 9456

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:foxitsoftware:reader

Patch Publication Date: 2016/03/16

Vulnerability Publication Date: 2016/03/16

Reference Information

CVE: CVE-2016-4059, CVE-2016-4060, CVE-2016-4061, CVE-2016-4062, CVE-2016-4063, CVE-2016-4064, CVE-2016-4065