Category:   Application (Generic)  >   Foxit Reader
Vendors:   Foxit Software
Foxit Reader Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1035295
SecurityTracker URL:  http://securitytracker.com/id/1035295
CVE Reference:   CVE-2016-4059, CVE-2016-4060, CVE-2016-4061, CVE-2016-4062, CVE-2016-4063, CVE-2016-4064, CVE-2016-4065
Updated:  Apr 23 2016
Original Entry Date:  Mar 16 2016
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.2.8.1124 and prior
Description:   Several vulnerabilities were reported in Foxit Reader. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions on the target system.

A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A use-after-free memory error may occur in Font Parsing.

A use-after-free memory error may occur in Global setPersistent.

A use-after-free memory error may occur in WillClose Action.

A use-after-free memory error may occur in Microsoft Windows Gdiplus GpRuntime::GpLock::GpLock.

Arbitrary code may be executed when opening a specially crafted PDF file with images.

An integer overflow may occur in XFA FormCalc Replace.

An out-of-bounds memory read may occur in JBIG2.

A remote user can create a file with specially crafted images or image data that, when loaded by the target user, will cause the target user's application to crash.

The application does not safely load 'xpsp2res.dll' and 'phoneinfo.dll'. A local user can place a specially crafted DLL file on the target system. When the target user runs Foxit Reader, arbitrary code will be executed on the target system with the privileges of the target user.


Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can create content that, when loaded by the target user, will cause the target user's application to crash.

A local user can obtain elevated privileges on the target system.

Solution:   The vendor has issued a fix (7.3.0.0118) [in January 2016].

The vendor's advisory is available at:

https://www.foxitsoftware.com/support/security-bulletins.php#content-2016

Vendor URL:  www.foxitsoftware.com/support/security-bulletins.php#content-2016
Cause:   Access control error, Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


Copyright 2019, SecurityGlobal.net LLC