Foxit Advanced PDF Editor 3.x < 3.0.4.0 Security Cookie Stack-based Buffer Overflow

Severity: High, Nessus Plugin ID: 65614

Synopsis

The remote Windows host has an application that is affected by a buffer overflow vulnerability.

Description

The installed version of Foxit Advanced PDF Editor is 3.x prior to 3.0.4.0. As such, it is affected by a stack-based buffer overflow vulnerability triggered when a document reconstructs the security cookie.

An attacker could exploit this issue by tricking a user into opening a specially crafted document, resulting in arbitrary code execution.

Solution

Upgrade to Foxit Advanced PDF Editor 3.0.4.0 or later.

See Also

https://www.foxitsoftware.com/support/security-bulletins.php#FPAE-1

Plugin Details

Severity: High

ID: 65614

File Name: foxit_advanced_pdf_editor_3_0_4.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 3/19/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:foxitsoftware:foxit_advanced_pdf_editor

Required KB Items: SMB/Foxit_pdf_editor/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 1/25/2013

Vulnerability Publication Date: 1/14/2013

Reference Information

CVE: CVE-2013-0107

BID: 57558

CERT: 275219