Detections
Analytics
Foxit Reader < 8.3 Multiple Vulnerabilities
high Nessus Network Monitor Plugin ID 700068
Synopsis
The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.Description
Versions of Foxit Reader prior to 8.3 are affected by the following vulnerabilities :- An out-of-bounds write flaw exists that is triggered during the parsing of a specially crafted JPEG2000 image. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- An unspecified NULL pointer dereference flaw exists that may allow a context-dependent attacker to cause a crash. No further details have been provided.
- Use-after-free errors exist that are triggered when handling the 'Annotations.arrowEnd()', 'Field.buttonSetCaption()', 'Field.getItemAt()', 'Field.insertItemAt()', 'Field.setAction()', 'Link.saveAs()', 'addAnnot()', 'exportAsFDF()', 'getAnnot()', 'getURL()', 'importAnXFDF()', 'resetForm()', 'response()', 'scroll()', and 'spawnPageFromTemplate()' methods. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
- Use-after-free errors exist that are triggered when handling the 'Annotations.lock', 'Annotations.style', and 'Annotations.opacity' properties. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
Solution
Upgrade Foxit Reader to version 8.3 or later.See Also
https://www.foxitsoftware.com/support/security-bulletins.php
Plugin Details
Severity: High
ID: 700068
Family: CGI
Published: 4/28/2017
Updated: 3/6/2019
Vulnerability Information
CPE: cpe:/a:foxitsoftware:reader
Patch Publication Date: 4/18/2017
Vulnerability Publication Date: 4/18/2017