Summary
Foxit Reader is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation lets an attacker execute arbitrary code via relative and absolute paths and dereference uninitialized memory.
Impact Level: Application
Solution
Upgrade to the latest version.
http://www.foxitsoftware.com/downloads/
Insight
- The application does not require user confirmation before performing dangerous actions.
- Stack-based buffer overflow when processing a PDF file containing an action with an overly long filename argument.
- Error when processing a JBIG2 symbol dictionary segment with zero new symbols.
Affected
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506.
Severity
Classification
CVE: CVE-2009-0191, CVE-2009-0836, CVE-2009-0837
CVSS Base Score: 10.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C