Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Foxit Reader < 8.3 Multiple Vulnerabilities

High

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 8.3 are affected by the following vulnerabilities :

- An out-of-bounds write flaw exists that is triggered during the parsing of a specially crafted JPEG2000 image. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 156071) - An unspecified NULL pointer dereference flaw exists that may allow a context-dependent attacker to cause a crash. No further details have been provided. (OSVDB 156092) - Use-after-free errors exist that are triggered when handling the 'Annotations.arrowEnd()', 'Field.buttonSetCaption()', 'Field.getItemAt()', 'Field.insertItemAt()', 'Field.setAction()', 'Link.saveAs()', 'addAnnot()', 'exportAsFDF()', 'getAnnot()', 'getURL()', 'importAnXFDF()', 'resetForm()', 'response()', 'scroll()', and 'spawnPageFromTemplate()' methods. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 156091, OSVDB 156243, OSVDB 156247, OSVDB 156248, OSVDB 156249, OSVDB 156250, OSVDB 156251, OSVDB 156252, OSVDB 156253, OSVDB 156254, OSVDB 156255, OSVDB 156256, OSVDB 156257, OSVDB 156258, OSVDB 156259) - Use-after-free errors exist that are triggered when handling the 'Annotations.lock', 'Annotations.style', and 'Annotations.opacity' properties. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 156244, OSVDB 156245, OSVDB 156246)

Solution

Upgrade Foxit Reader to version 8.3 or later.