Foxit Reader < 8.2.1 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9985
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 8.2.1 are affected by the following vulnerabilities :

- Multiple use-after-free errors exist that are triggered as user-supplied input is not properly validated. With a specially crafted file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
- Multiple type confusion errors exist that are triggered as user-supplied input is not properly validated. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.
- Multiple unspecified out-of-bounds access flaws exist. These flaws may allow a context-dependent attacker to disclose memory contents or potentially execute arbitrary code.
- A flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A a NULL pointer dereference error exists that is triggered when handling a specially crafted PDF file. This may allow a context-dependent attacker to cause the program to crash.
- An out-of-bounds read flaw exists that is triggered when handling specially crafted fonts in PDF files. This may allow a context-dependent attacker to potentially disclose sensitive information.
- An out-of-bounds read flaw exists that is triggered when handling specially crafted PDF files. This may allow a context-dependent attacker to potentially disclose sensitive information.
- An out-of-bounds access flaw exists that is triggered when handling specially crafted Pattern objects. This may allow a context-dependent attacker to potentially execute arbitrary code.
- An out-of-bounds access flaw exists that is triggered when handling specially crafted XFA forms. This may allow a context-dependent attacker to potentially execute arbitrary code.
- An out-of-bounds access flaw exists that is triggered when handling specially crafted ePub files. This may allow a context-dependent attacker to potentially execute arbitrary code.
- An out-of-bounds read flaw exists that is triggered when handling specially crafted JPEG2000 files. This may allow a context-dependent attacker to potentially disclose sensitive information.
- An out-of-bounds read flaw exists that is triggered when handling specially crafted PDF files. This may allow a context-dependent attacker to potentially disclose sensitive information.
- A use-after-free error exists. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to use a specially crafted Xref object to dereference already freed memory and potentially execute arbitrary code.
- A use-after-free error exists in the 'execMenuItem()' function. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A use-after-free error exists in the 'deleteItemAt()' method. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A use-after-free error exists in the 'openDoc()' method. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A use-after-free error exists. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to use a specially crafted ePub file to dereference already freed memory and potentially execute arbitrary code.
- A use-after-free error exists in the 'buttonGetIcon()' method. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

Solution

Upgrade Foxit Reader to version 8.2.1 or later.

See Also

https://www.foxitsoftware.com/support/security-bulletins.php

Plugin Details

Severity: High

ID: 9985

Family: CGI

Published: 3/7/2017

Updated: 3/6/2019

Dependencies: 9456

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*

Patch Publication Date: 3/1/2017

Vulnerability Publication Date: 3/1/2017