‫ Foxit Reader Insecure Library Loading Vulnerability

IRCAD2012092221
 
ID: IRCAD2012092221
Release Date: 2012-09-26
Criticality level: Highly critical
 
Software:
Foxit Reader 5.x
 
Description:
Parvez Anwar has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries (fxdecod1.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PDF file located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code, but requires the PDF document to have an invalid structure which can trigger a crash.
The vulnerability is confirmed in version 5.4.2.0901. Other versions may also be affected.
 
Solution
Update to version 5.4.3.
 
References:
Foxit:
 
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 8 مهر 1391

امتیاز

امتیاز شما
تعداد امتیازها:0