SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Foxit Reader Vendors:   Foxit Software
Foxit Reader createDataObject() Bug Lets Remote Users Create or Overwrite Arbitrary Files
SecurityTracker Alert ID:  1025219
SecurityTracker URL:  http://securitytracker.com/id/1025219
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 16 2011
Impact:   Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 4.3.1.0218
Description:   A vulnerability was reported in Foxit Reader. A remote user can create or overwrite files on the target user's system.

A remote user can create a specially crafted file that, when loaded by the target user, will invoke the createDataObject() function to create or overwrite arbitrary files with arbitrary content on the target system.

The original advisory is available at:

http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html

Chris Evans reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will create or overwrite arbitrary files with arbitrary content on the target user's system.
Solution:   The vendor silently issued this fix (4.3.1.0218).
Vendor URL:  www.foxitsoftware.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC