
Foxit Reader "util.printf()" Remote Buffer Overflow Vulnerability

 

Release Date: 20/05/2008
Severity: Highly Critical
SecWatch Advisory: SWID1021240
Cause: Boundary error
Solution Status: Unpatched
Impact: Execution of arbitrary code
Exploit Status: None Available
Access Vector: From remote
 
Affected Software: Foxit Reader 2.x
 
Original Advisory: http://secunia.com/secunia_research/2008-18/
References: FrSIRT/ADV-2008-1572
CVE: CVE-2008-1104
Secunia: SA29941
Bugtraq ID: BID#29288

 

Description:

A vulnerability in Foxit Reader has been reported, which can be exploited by remote users to compromise a user's system.

A boundary error in the "util.printf()" JavaScript function, triggered when parsing crafted PDF files, can be exploited to cause a stack-based buffer overflow and execute arbitrary code.
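
For triage while the reader is unpatched, the following added example (not part of the original advisory or of the vendor's code) lists every util.printf( call in a PDF, checking both the raw file and FlateDecode streams. util.printf is a legitimate API, so a hit only marks the file for review; the function names and the sample document are constructed for illustration.

```python
import re
import zlib

# Body of each PDF stream object; a trailing EOL is left for zlib to ignore.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
# The call named in the advisory, tolerating whitespace around "." and "(".
CALL_RE = re.compile(rb"util\s*\.\s*printf\s*\(")


def _inflate(data):
    """Inflate a FlateDecode stream body; None if it is not zlib data."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None


def find_util_printf(pdf_bytes):
    """Return (location, snippet) for every util.printf( call found.

    Scans the raw file (scripts stored as plain /JS strings) and every
    stream that inflates cleanly (scripts stored in FlateDecode streams).
    """
    regions = [("raw", pdf_bytes)]
    for i, m in enumerate(STREAM_RE.finditer(pdf_bytes)):
        inflated = _inflate(m.group(1))
        if inflated is not None:
            regions.append((f"stream {i}", inflated))
    hits = []
    for where, blob in regions:
        for m in CALL_RE.finditer(blob):
            hits.append((where, blob[m.start():m.start() + 40].decode("latin-1")))
    return hits


def build_sample(script=b'var n = 3; util.printf("%d pages", n);'):
    """Constructed, benign PDF-like sample with the script in a Flate stream."""
    body = zlib.compress(script)
    head = b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
    obj = b"2 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(body)
    return head + obj + body + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    for where, snippet in find_util_printf(build_sample()):
        print(f"{where}: {snippet}")
```

Scripts hidden behind other stream filters, encryption or obfuscated names are not decoded by this check.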

 

Affected:

Foxit Reader version 2.3 build 2825. Other versions may also be affected.

 

Solution:

The vulnerability is fixed in the upcoming version 2.3 build 2912.

 

Credits:

Secunia Research

 
