Foxit pdf reader safe10/24/2022 ![]() The GoToR action could lead to a stack buffer overflow, which could also allow an attacker unauthorized access and execute code. In memory safety, when dangling pointers get reused and memory isn’t allocated for it, it could lead to a use-after-free vulnerability, a memory corruption flaw that could be leveraged by hackers to execute arbitrary code. With FlateDecode, a FlateDecode stream can force a dangling pointer to be reused after it has been freed. #Foxit pdf reader safe softwareIn exportData, because of a restrictions vulnerability, the software fails to properly check the path passed to exportData. Since the files run outside the “Safe Mode” context, an attacker could use the bug to disclose sensitive information on vulnerable builds of the Reader.Īdditional flaws exist in other functions within the software, like the decoder FlateDecode, exportData, how it handles the GoToR action, and how it handles PDF patterns. #Foxit pdf reader safe pdfLike one that exists in the way Reader reads embedded SWF files inside PDF files. Some of the lower tier bugs exist in specialized functionalities within the software. From there, depending on the vulnerability, an attacker could either leverage the vulnerability as is, or use it in conjunction with other vulnerabilities to “execute code in the context of the current process.” ![]() To exploit the vulnerabilities an attacker could use an image file – either a BMP, TIFF, GIF, or JPEG image – to trigger a read memory past the end of an allocated buffer, or object. ![]() While eight of the vulnerabilities can directly result in remote code execution, technically all of the vulnerabilities could be used to execute code some just need to be chained together with other vulnerabilities to do so.įive of the issues stem from a flaw in ConvertToPDF plugin, a Windows shell extension Foxit installs on machines alongside the Reader software for converting PDF files or combining supported files. Like most PDF vulnerabilities, user interaction is required to exploit any of the vulnerabilities, meaning an attacker would have to trick a user into either visiting a malicious page or opening a malicious PDF file. Details around the issues weren’t publicly disclosed until two days later, on Wednesday, in coordination with the Zero Day Initiative. ![]() The company released version 8.0 of its Foxit Reader and Foxit PhantomPDF on Monday, addressing vulnerabilities in builds 7.3.4.311 and earlier of the product. Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could allow an attacker to directly execute arbitrary code on vulnerable installations of the product. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |