Foxit Reader < 7.2.2 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9459

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 7.2.2 are affected by the following vulnerabilities:

- An overflow condition exists that is triggered as user-supplied input is not properly validated when handling secured PDF files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code.
- A palette index overflow issue exists that is triggered when handling incorrect GIF data in a crafted PDF file that is being debugged by 'GFlags.exe'. This may allow a context-dependent attacker to cause the program to crash or potentially execute arbitrary code.
- A flaw exists in 'GFlags.exe' that is triggered when handling inline images during the debugging of a crafted PDF file. This may allow a context-dependent attacker to execute arbitrary code.
- An out-of-bounds access flaw exists that is triggered when handling incorrect JPEG data in XFA forms. This may allow a context-dependent attacker to potentially execute arbitrary code.
- A flaw exists in the 'CloseDocument()' function that is triggered when handling a specially crafted PDF file. This may allow a context-dependent attacker to crash the application or potentially execute arbitrary code.
- A use-after-free condition exists that is triggered when handling the App object in a PDF file being saved. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A use-after-free error exists in the 'print()' function. The issue is triggered when handling app references after closing a document. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A flaw exists that is triggered during the handling of PDF files that contain a recursive structure or a recursive length definition in Stream objects. This may allow a context-dependent attacker to crash the application or potentially execute arbitrary code.
- A flaw exists in the Cloud Update service. The issue is triggered as user-supplied input is not properly validated when writing data to a shared memory region. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.
- An unspecified flaw exists that may allow an attacker to execute arbitrary code. No further details have been provided.

Solution

Upgrade Foxit Reader to version 7.2.2 or later.

See Also

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-33

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-34

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-35

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-36

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-37

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-38

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-39

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-40

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-41

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-42

Plugin Details

Severity: Critical

ID: 9459

Family: CGI

Published: 8/5/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:foxitsoftware:reader

Patch Publication Date: 10/8/2015

Vulnerability Publication Date: 10/8/2015

Reference Information

CVE: CVE-2015-8580, CVE-2015-8843