Vulnerability Information
Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
Foxit Reader is prone to the following vulnerabilities:
A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code or access potentially sensitive information on the target user's system.
An out-of-bounds memory read or write error may occur in TIFF parsing.
A use-after-free memory error may occur in processing FlateDecode Streams.
An out-of-bounds memory read or write error may occur in JPEG2000 parsing.
A memory corruption error may occur in JPEG2000 parsing.
An out-of-bounds memory read or write error may occur in JPXDecode stream processing.
A remote user can create a specially crafted BMP file that, when loaded by the target user, will trigger an out-of-bounds memory read error to access potentially sensitive information on the target user's system.
A remote user can exploit a DLL hijacking flaw to execute arbitrary code on the target system.
A remote user can trigger memory corruption errors to cause the target application to crash.
Affected Version
Foxit Reader 8.0.0.624 and earlier
Foxit PhantomPDF 8.0.1.628 and earlier
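The affected-version boundaries above can be applied to a software inventory export. The following is an added example, not part of the original advisory or any Foxit tooling; the CSV column names, host names and sample rows are constructed assumptions.

```python
import csv
import io

# Last affected builds, taken from the advisory's "Affected Version" list.
LAST_AFFECTED = {
    "foxit reader": (8, 0, 0, 624),
    "foxit phantompdf": (8, 0, 1, 628),
}

def parse_version(text):
    """Turn '8.0.2' or '8.0.0.624' into a 4-tuple, padding missing parts with 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def triage(inventory_csv):
    """Return (affected, unparsed) lists of (host, product, version) rows."""
    affected, unparsed = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        limit = LAST_AFFECTED.get(row["product"].strip().lower())
        if limit is None:
            continue  # product not covered by this advisory
        entry = (row["host"], row["product"], row["version"])
        try:
            version = parse_version(row["version"])
        except ValueError:
            unparsed.append(entry)  # review by hand rather than assume patched
            continue
        if version <= limit:  # "and earlier" includes the boundary build
            affected.append(entry)
    return affected, unparsed

# Constructed sample inventory (hypothetical hosts, columns and build numbers).
SAMPLE = """host,product,version
ws-01,Foxit Reader,8.0.0.624
ws-02,Foxit Reader,8.0.2
ws-03,Foxit PhantomPDF,8.0.1.628
ws-04,Foxit PhantomPDF,8.0.2.805
ws-05,Foxit Reader,7.3.4.311
ws-06,Foxit Reader,unknown
ws-07,Other PDF Viewer,1.0
"""

if __name__ == "__main__":
    hits, review = triage(SAMPLE)
    for host, product, version in hits:
        print(f"AFFECTED {host}: {product} {version}")
    for host, product, version in review:
        print(f"REVIEW   {host}: {product} {version}")
```

Rows whose version string cannot be parsed are returned separately so they are checked manually instead of being counted as patched.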
Vulnerability Impact
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause the target application to crash.
A remote user can obtain potentially sensitive information on the target system.
Solution
The vendor has issued a fix (8.0.2 for Windows). The updates can be downloaded from the Foxit download website.
Patch:
Following are links for downloading patches to fix the vulnerabilities: