Vulnerability Note VU#1. Foxit Reader buffer overflow vulnerability. Overview. Foxit Reader contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description. Foxit Reader is a PDF reader that is available on multiple operating systems. This can be exploited to cause a stack- based buffer overflow via a specially crafted PDF file. In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program. The techniques to exploit a buffer overflow vulnerability vary by architecture, by operating system and by memory. Foxit Reader is a PDF reader that can create, edit, sign and print PDF files. A stack buffer overflow vulnerability exists in Foxit Reader. The vulnerability occurs due to improper handling of an overly large action link.
The malicious PDF could be hosted on a web page or sent via email. Impact. A remote, unauthenticated attacker may be able to execute arbitrary code. Solution. Foxit Reader version 2. Do not open untrusted PDF files. Do not open unfamiliar or unexpected PDF attachments. Users can convert PDF documents to text or HTML by using search engine features or other hosted PDF rendering services. Vendor. Status. Date Notified. Date Updated. Foxit Software Company. Affected- 2. 7 May 2. If you are a vendor and your product is affected, let. Group. Score. Vector. Base. N/AN/ATemporal. N/AN/AEnvironmental. N/AN/AReferences. Credit. This vulnerability was published by Dyon Balding from Secunia Research. This document was written by Ryan Giobbi. Writing about the vulnerability, Cisco Talos' Earl Carter says: 'A heap buffer overflow vulnerability is present in the jpeg2000 image parser library as used by the Chrome's PDF renderer, PDFium. The vulnerability is located. PDF Shaper 3.5 - Buffer Overflow (Metasploit). Local exploit for Windows platform. Other Information. CVE IDs: CVE- 2. 00. Date Public: 2. 0 May 2. Date First Published: 2. May 2. 00. 8Date Last Updated: 2. May 2. 00. 8Severity Metric: 1. Document Revision: 2. Feedback. If you have feedback, comments, or additional information about this vulnerability, please send us email.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2017
Categories |