Foxit Studio Photo < 3.6.6.913 Multiple Vulnerabilities

high Nessus Plugin ID 131941

Synopsis

A photo editor application installed on the remote Windows host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the Foxit Studio Photo application installed on the remote Windows host is affected by multiple vulnerabilities:

- An out-of-bounds read error exists in the TIF file handler when processing InkNames of TIFFSetField due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current process.

- An out-of-bounds write error exists in the TIF file handler due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current process or cause the application to stop responding.

- An out-of-bounds read error exists in the EPS file handler due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, to disclose potentially sensitive information or cause the application to stop responding.

Solution

Upgrade to Foxit Studio Photo 3.6.6.913

See Also

http://www.nessus.org/u?2f244c3e

Plugin Details

Severity: High

ID: 131941

File Name: foxit_studio_photo_3_6_6_913.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 12/11/2019

Updated: 12/11/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:foxitsoftware:foxit_studio_photo

Required KB Items: SMB/Registry/Enumerated, installed_sw/Foxit Studio Photo

Patch Publication Date: 9/16/2019

Vulnerability Publication Date: 9/16/2019