Foxit Reader Freetype Engine Integer Overflow Vulnerability Network Vulnerability

Summary

The host is installed with Foxit Reader and is prone to integer overflow vulnerability.

Impact

Successful exploitation will let attacker execute arbitrary code or crash an affected application or gain the same user rights as the logged-on user. Impact Level: System/Application

Solution

Upgrade to Foxit Reader version 4.0.0.0619 or later. For updates refer to http://www.foxitsoftware.com/downloads/

Insight

The flaw is due to an error in FreeType engine when handling certain invalid font type, which allows attackers to execute arbitrary code.

Affected

Foxit Reader version prior to 4.0.0.0619

References

http://www.foxitsoftware.com/products/reader/security_bulletins.php#freetype
http://www.microsoft.com/technet/security/advisory/msvr11-005.mspx
http://xforce.iss.net/xforce/xfdb/68145

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1908

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ALLMediaServer Request Handling Stack Buffer Overflow Vulnerability
Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09
ACDSee FotoSlate PLP Multiple Buffer Overflow Vulnerabilities
ALZip MIM File Processing Buffer Overflow Vulnerability
Adobe Flash Player Multiple Vulnerabilities - Mar09 (Win)

Take action and discover your vulnerabilities