Category:   Application (Generic)  >   Foxit Reader
Vendors:   Foxit Software
Foxit Reader Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1040038
SecurityTracker URL:  http://securitytracker.com/id/1040038
CVE Reference:   CVE-2017-14694
Date:  Dec 21 2017
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 8.3.2.25013 and prior
Description:   Multiple vulnerabilities were reported in Foxit Reader. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially sensitive information on the target system.

A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A type confusion error may occur in certain XFA JavaScript functions.

A type confusion error may occur in certain XFA FormCalc functions.

A use-after-free memory error may occur in the use of a freed Annot object.

A use-after-free memory error may occur when deleting XFA and XML nodes during data binding.

A use-after-free memory error may occur in the use of a document that has been freed by closeDoc JavaScript.

When the target user opens a PDF file by double-clicking it after launching the application, the system may fail to initialize the PenInputPanel component, which can result in arbitrary code execution or a crash [CVE-2017-14694].

A buffer overflow may occur in ZIP compression processing when opening EPUB files.

A type confusion error may occur during data binding when opening XFA files.

A remote user can create a specially crafted file that, when loaded by the target user, will access potentially sensitive information on the target system.

An out-of-bounds memory read error may occur when the gflags app is enabled.

An out-of-bounds memory read error may occur when 'util.printf' is called with an incorrect parameter.

An out-of-bounds memory read error may occur due to an uninitialized pointer flaw in the JP2_Format_Decom function call.

An out-of-bounds memory read error may occur in the 'render.image' function.

When the application is not running in Safe-Reading-Mode, an out-of-bounds memory read error may occur due to a flaw in the lrt_jp2_decompress_write_stripe function.

When the application is not running in Safe-Reading-Mode, an out-of-bounds memory read error may occur due to a flaw in the _JP2_Codestream_Read_SOT function.

When the application is not running in Safe-Reading-Mode, an out-of-bounds memory read error may occur in the GetBitmapWithoutColorKey function.

Phil Blankenship of Cerberus Security; Lin Wang, Beihang University, China; Steven Seeley (mr_me) of Offensive Security (via Trend Micro's Zero Day Initiative); Anonymous (via Trend Micro's Zero Day Initiative); soiax (via Trend Micro's Zero Day Initiative); kdot (via Trend Micro's Zero Day Initiative); Carlos Garcia Prado (via Trend Micro's Zero Day Initiative); Ashraf Alharbi (Ha5ha5hin) (via Trend Micro's Zero Day Initiative); and bit from meepwn team (via Trend Micro's Zero Day Initiative) reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can obtain potentially sensitive information on the target system.

Solution:   The vendor has issued a fix (9.0) [in November 2017].

The vendor advisory is available at:

https://www.foxitsoftware.com/support/security-bulletins.php#content-2017

Vendor URL:  www.foxitsoftware.com/support/security-bulletins.php#content-2017
Cause:   Access control error, Boundary error, State error
Underlying OS:  Windows (Any)

Message History:   None.
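
Added example (not part of the SecurityTracker alert or the vendor bulletin): a triage helper for hosts still on 8.3.2.25013 or earlier that reports which file features named in the description (XFA forms, document JavaScript, JPEG 2000 streams, EPUB containers) a given file uses, so that such files can be held until the 9.0 fix is deployed. The mapping from advisory items to the PDF name tokens `/XFA`, `/JS`, `/JavaScript` and `/JPXDecode`, and all function names, are assumptions of this example; encrypted PDFs and streams using filters other than Flate are not inspected.

```python
import re
import zlib

# Name tokens for features the advisory's bug list touches (mapping is this example's assumption).
MARKERS = {
    "xfa": rb"/XFA",                        # XFA JavaScript, FormCalc, data binding
    "javascript": rb"/(?:JS|JavaScript)",   # closeDoc, util.printf
    "jpeg2000": rb"/JPXDecode",             # JP2 decoder out-of-bounds reads
}
PATTERNS = {k: re.compile(v + rb"(?![0-9A-Za-z])") for k, v in MARKERS.items()}
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
# Constructed sample: a catalog fragment whose /XFA name is hex-escaped.
SAMPLE = b"%PDF-1.7\n1 0 obj\n<< /AcroForm << /X#46A 5 0 R >> >>\nendobj\n"


def unescape_names(data):
    """Undo #xx escapes so an obfuscated name like /J#53 reads as /JS."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflated_streams(data):
    """Yield Flate-decompressed stream bodies (object streams can hide dictionaries)."""
    for match in STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data (image, other filter, or encrypted)


def triage(data):
    """Return the sorted list of advisory-relevant features present in a file's bytes."""
    found = set()
    # EPUB: a ZIP whose first entry is the uncompressed 'mimetype' file.
    if data.startswith(b"PK\x03\x04") and b"application/epub+zip" in data[:128]:
        found.add("epub")
    if b"%PDF-" in data[:1024]:
        for view in (data, *inflated_streams(data)):
            view = unescape_names(view)
            found.update(k for k, p in PATTERNS.items() if p.search(view))
    return sorted(found)


if __name__ == "__main__":
    import sys
    print("sample:", triage(SAMPLE))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()) or "no flagged features")
```

A flagged feature means the file reaches one of the affected code paths, not that it is malicious; an empty result does not clear a file.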



Copyright 2019, SecurityGlobal.net LLC