Wednesday, April 23, 2008 1:26 PM
cmosby
Foxit Reader PDF XObject Processing Memory Corruption - Advisories - Secunia
Foxit Reader PDF XObject Processing Memory Corruption
Secunia Advisory:
SA29934
Release Date:
2008-04-23
Critical:
Moderately critical
Impact:
System access
DoS
Where:
From remote
Solution Status:
Unpatched
Software:
Foxit Reader 2.x
Description:
Javier Vicente Vallejo has discovered a vulnerability in Foxit Reader, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error within the processing of PDF files and can be exploited via a PDF file containing a specially crafted PDF XObject.
Successful exploitation may potentially allow execution of arbitrary code when opening a malicious PDF file.
NOTE: An error when processing PDF files containing a specially crafted ExtGState dictionary has also been reported.
The vulnerability is confirmed in version 2.2. Other versions may also be affected.
Solution:
Do not open untrusted PDF files.
Provided and/or discovered by:
Javier Vicente Vallejo
Original Advisory:
http://www.vallejo.cc/proyectos/foxitreader1.htm
http://www.vallejo.cc/proyectos/foxitreader2.htm
|