Foxit Studio Photo < 3.6.6.925 Out-of-Bounds Read Vulnerability

critical Nessus Plugin ID 139412

Synopsis

A photo editor application installed on the remote Windows host is affected by an Out-of-Bounds Read vulnerability.

Description

According to its self-reported version, the Foxit Studio Photo application installed on the remote Windows host is affected by an out-of-bounds read error in the use of PNG files due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information or cause the application to stop responding.

Solution

Upgrade to Foxit Studio Photo 3.6.6.925 or later.

See Also

http://www.nessus.org/u?2f244c3e

Plugin Details

Severity: Critical

ID: 139412

File Name: foxit_studio_photo_3_6_6_925.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 8/7/2020

Updated: 8/7/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:foxitsoftware:foxit_studio_photo

Required KB Items: SMB/Registry/Enumerated, installed_sw/Foxit Studio Photo

Patch Publication Date: 7/15/2020

Vulnerability Publication Date: 7/15/2020