Summary
Foxit Reader is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let an attacker execute arbitrary code via relative and absolute paths and dereference uninitialized memory.
Impact Level: Application
Solution
Upgrade to the latest version.
http://www.foxitsoftware.com/downloads/
Insight
- the application does not require user confirmation before performing dangerous actions
- stack-based buffer overflow while processing a PDF file containing an action with an overly long filename argument
- error while processing a JBIG2 symbol dictionary segment with zero new symbols
Affected
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506.
References
Severity
Classification
- CVE: CVE-2009-0191, CVE-2009-0836, CVE-2009-0837
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C