"Foxit Reader is a free PDF document viewer and printer, with incredible small size (only 2.55 M download size), breezing-fast launch speed and rich feature set. Foxit Reader supports Windows Me/2000/XP/2003/Vista. Its core function is compatible with PDF Standard 1.7."

Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system.
Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://corporate.secunia.com/secunia_research/33/
Vulnerable Systems:
* Foxit Reader version 2.3 build 2825
Immune Systems:
* Foxit Reader version 2.3 build 2912
The vulnerability is caused by a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file.
Successful exploitation allows execution of arbitrary code.
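The advisory does not publish the affected routine, so the following C sketch is an added example, not Foxit's or Secunia's code: it shows how a formatter for an untrusted floating point specifier can be kept inside a fixed-size buffer. The function names and the MAX_WIDTH and MAX_PREC limits are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limits for this sketch; not taken from Foxit Reader. */
#define MAX_WIDTH 32
#define MAX_PREC  17

/* Parse an untrusted "%[width][.precision]f" specifier.
 * Returns 0 on success, -1 if malformed or a field exceeds its cap. */
static int parse_float_spec(const char *spec, int *width, int *prec)
{
    char *end;
    long w = 0, p = 6;                 /* 6 is printf's default precision */
    if (*spec++ != '%') return -1;
    if (isdigit((unsigned char)*spec)) { w = strtol(spec, &end, 10); spec = end; }
    if (*spec == '.') {
        if (!isdigit((unsigned char)*++spec)) return -1;
        p = strtol(spec, &end, 10);
        spec = end;
    }
    if (spec[0] != 'f' || spec[1] != '\0') return -1;
    if (w > MAX_WIDTH || p > MAX_PREC) return -1;  /* strtol saturates at LONG_MAX */
    *width = (int)w; *prec = (int)p;
    return 0;
}

/* Format v into out[outsz]. Returns the length written, or -1 if the
 * specifier is rejected or the result would not fit. The unsafe pattern is
 * sprintf(out, spec, v) into a fixed stack buffer with neither check. */
int format_float_bounded(char *out, size_t outsz, const char *spec, double v)
{
    int width, prec, n;
    if (outsz == 0) return -1;
    out[0] = '\0';
    if (parse_float_spec(spec, &width, &prec) != 0) return -1;
    n = snprintf(out, outsz, "%*.*f", width, prec, v);
    /* Capping width/precision is not enough: 1e300 alone prints 301 digits. */
    if (n < 0 || (size_t)n >= outsz) { out[0] = '\0'; return -1; }
    return n;
}

int main(void)
{
    char buf[64];
    int n = format_float_bounded(buf, sizeof buf, "%8.2f", 3.14159);
    printf("%d \"%s\" (%zu)\n", n, buf, strlen(buf));
    return 0;
}
```

The length of a "%f" conversion depends on the magnitude of the value as well as on the width and precision, which is why the snprintf return value is checked even after the specifier fields have been capped.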
Solution:
The vulnerability is fixed in the upcoming version 2.3 build 2912.
Time Table:
23/04/2008 - Vendor notified.
08/05/2008 - Vendor notified again.
08/05/2008 - Vendor response.
20/05/2008 - Public disclosure.
CVE Information:
CVE-2008-1104