Foxit Reader < 8.2.1 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9985

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 8.2.1 are affected by the following vulnerabilities:

- Multiple use-after-free errors exist that are triggered because user-supplied input is not properly validated. With a specially crafted file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 152949)
- Multiple type confusion errors exist that are triggered because user-supplied input is not properly validated. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code. (OSVDB 152950)
- Multiple unspecified out-of-bounds access flaws exist. These flaws may allow a context-dependent attacker to disclose memory contents or potentially execute arbitrary code. (OSVDB 152951)
- A flaw exists that is triggered because certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 152952)
- A NULL pointer dereference error exists that is triggered when handling a specially crafted PDF file. This may allow a context-dependent attacker to cause the program to crash. (OSVDB 153018)
- An out-of-bounds read flaw exists that is triggered when handling specially crafted fonts in PDF files. This may allow a context-dependent attacker to potentially disclose sensitive information. (OSVDB 153399)
- An out-of-bounds read flaw exists that is triggered when handling specially crafted PDF files. This may allow a context-dependent attacker to potentially disclose sensitive information. (OSVDB 153400, OSVDB 153404)
- An out-of-bounds access flaw exists that is triggered when handling specially crafted Pattern objects. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 153401)
- An out-of-bounds access flaw exists that is triggered when handling specially crafted XFA forms. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 153402)
- An out-of-bounds access flaw exists that is triggered when handling specially crafted ePub files. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 153403)
- An out-of-bounds read flaw exists that is triggered when handling specially crafted JPEG2000 files. This may allow a context-dependent attacker to potentially disclose sensitive information. (OSVDB 153405)
- An out-of-bounds read flaw exists that is triggered when handling specially crafted PDF files. This may allow a context-dependent attacker to potentially disclose sensitive information. (OSVDB 153406)
- A use-after-free error exists. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to use a specially crafted Xref object to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153431)
- A use-after-free error exists in the 'execMenuItem()' function. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153432, OSVDB 153433, OSVDB 153434)
- A use-after-free error exists in the 'deleteItemAt()' method. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153435)
- A use-after-free error exists in the 'openDoc()' method. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153436)
- A use-after-free error exists. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to use a specially crafted ePub file to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153437)
- A use-after-free error exists in the 'buttonGetIcon()' method. The issue is triggered by a failure to validate the existence of an object before performing operations on it. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153438)

Solution

Upgrade Foxit Reader to version 8.2.1 or later.

See Also

https://www.foxitsoftware.com/support/security-bulletins.php

Plugin Details

Severity: High

ID: 9985

File Name: 9985.prm

Family: CGI

Published: 2017/03/07

Modified: 2017/04/04

Dependencies: 9456

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:foxitsoftware:reader

Patch Publication Date: 2017/03/01

Vulnerability Publication Date: 2017/03/01

Reference Information

OSVDB: 152949, 152950, 152951, 152952, 153018, 153399, 153400, 153401, 153402, 153403, 153404, 153405, 153406, 153431, 153432, 153433, 153434, 153435, 153436, 153437, 153438